Function esp_idf_svc::hal::sys::mbedtls_ssl_conf_legacy_renegotiation
source ยท pub unsafe extern "C" fn mbedtls_ssl_conf_legacy_renegotiation(
conf: *mut mbedtls_ssl_config,
allow_legacy: i32,
)
Expand description
\brief Prevent or allow legacy renegotiation. (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
be established even if the peer does not support
secure renegotiation, but does not allow renegotiation
to take place if not secure.
(Interoperable and secure option)
MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
with non-upgraded peers. Allowing legacy renegotiation
makes the connection vulnerable to specific man in the
middle attacks. (See RFC 5746)
(Most interoperable and least secure option)
MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
if peer does not support secure renegotiation. Results
in interoperability issues with non-upgraded peers
that do not support renegotiation altogether.
(Most secure option, interoperability issues)
\param conf SSL configuration \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, SSL_ALLOW_LEGACY_RENEGOTIATION or MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)