Function esp_idf_svc::sys::mbedtls_ssl_conf_ciphersuites
pub unsafe extern "C" fn mbedtls_ssl_conf_ciphersuites(
conf: *mut mbedtls_ssl_config,
ciphersuites: *const i32,
)
\brief Set the list of allowed ciphersuites and the preference order. First in the list has the highest preference.
For TLS 1.2, the notion of ciphersuite determines both
the key exchange mechanism and the suite of symmetric
algorithms to be used during and after the handshake.
For TLS 1.3 (in development), the notion of ciphersuite
only determines the suite of symmetric algorithms to be
used during and after the handshake, while key exchange
mechanisms are configured separately.
In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3
are configured via this function. For users of TLS 1.3,
there will be a separate API for the configuration of key
exchange mechanisms.
The list of ciphersuites passed to this function may
contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite
identifiers. This is useful if negotiation of TLS 1.3
should be attempted, but a fallback to TLS 1.2 would
be tolerated.
\note By default, the server chooses its preferred ciphersuite among those that the client supports. If mbedtls_ssl_conf_preference_order() is called to prefer the client’s preferences, the server instead chooses the client’s preferred ciphersuite among those that the server supports.
\warning The ciphersuites array \p ciphersuites is not copied. It must remain valid for the lifetime of the SSL configuration \p conf.
\param conf The SSL configuration to modify.
\param ciphersuites A 0-terminated list of IANA identifiers of supported ciphersuites, accessible through \c MBEDTLS_TLS_XXX and \c MBEDTLS_TLS1_3_XXX macros defined in ssl_ciphersuites.h.
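The warning and the 0-terminator requirement above are the two ways a Rust caller can get this binding wrong, so here is an added example (not code from esp-idf-svc or Mbed TLS) of a safe wrapper that enforces both. It is a host-runnable model: `Config`, `conf_ciphersuites` and `walk` are hypothetical stand-ins for the C side, and `terminated_static` and `configure` are illustrative helper names.

```rust
// Added example: Config, conf_ciphersuites and walk are stand-ins (assumptions).
pub const TLS1_3_AES_128_GCM_SHA256: i32 = 0x1301; // IANA registry values
pub const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: i32 = 0xC02B;
pub const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: i32 = 0xC02F;

/// Stand-in for `mbedtls_ssl_config`: only the pointer is stored, never a copy.
pub struct Config { pub ciphersuite_list: *const i32 }

/// Stand-in with the same argument shape as the binding documented above.
pub unsafe fn conf_ciphersuites(conf: *mut Config, ciphersuites: *const i32) {
    unsafe { (*conf).ciphersuite_list = ciphersuites };
}

/// Models a later handshake: read through the stored pointer up to the 0 terminator.
pub unsafe fn walk(conf: &Config) -> Vec<i32> {
    let (mut out, mut p) = (Vec::new(), conf.ciphersuite_list);
    unsafe {
        while *p != 0 {
            out.push(*p);
            p = p.add(1);
        }
    }
    out
}

/// Copies `ids` (highest preference first), appends the terminator and leaks the
/// buffer so it is valid for 'static. Leaks once per call: use at setup only.
pub fn terminated_static(ids: &[i32]) -> Result<&'static [i32], &'static str> {
    if ids.is_empty() || ids.contains(&0) {
        return Err("list must be non-empty and must not contain the 0 terminator");
    }
    let mut v = ids.to_vec();
    v.push(0);
    Ok(Box::leak(v.into_boxed_slice()))
}

/// Safe wrapper: the caller's slice may be dropped right after this returns.
pub fn configure(conf: &mut Config, ids: &[i32]) -> Result<(), &'static str> {
    let list = terminated_static(ids)?;
    // On the device: esp_idf_svc::sys::mbedtls_ssl_conf_ciphersuites(conf, list.as_ptr())
    unsafe { conf_ciphersuites(conf, list.as_ptr()) };
    Ok(())
}

fn main() {
    let mut conf = Config { ciphersuite_list: std::ptr::null() };
    configure(&mut conf, &vec![TLS1_3_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]).unwrap();
    println!("{:x?}", unsafe { walk(&conf) }); // the temporary Vec is already gone
}
```

When the list is fixed at compile time, a `static` array ending in `0` gives the same lifetime guarantee without leaking heap memory.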