Function esp_idf_sys::mbedtls_ssl_conf_groups

source ยท
pub unsafe extern "C" fn mbedtls_ssl_conf_groups(
    conf: *mut mbedtls_ssl_config,
    groups: *const u16,
)
Expand description

\brief Set the allowed groups in order of preference.

            On server: This only affects the choice of key agreement mechanism

            On client: this affects the list of groups offered for any
            use. The server can override our preference order.

            Both sides: limits the set of groups accepted for use in
            key sharing.

\note This function replaces the deprecated mbedtls_ssl_conf_curves(), which only allows ECP curves to be configured.

\note The most recent invocation of either mbedtls_ssl_conf_curves() or mbedtls_ssl_conf_groups() nullifies all previous invocations of both.

\note This list should be ordered by decreasing preference (preferred group first).

\note When this function is not called, a default list is used, consisting of all supported curves at 255 bits and above, and all supported finite fields at 2048 bits and above. The order favors groups with the lowest resource usage.

\note New minor versions of Mbed TLS will not remove items from the default list unless serious security concerns require it. New minor versions of Mbed TLS may change the order in keeping with the general principle of favoring the lowest resource usage.

\param conf SSL configuration \param groups List of allowed groups ordered by preference, terminated by 0. Must contain valid IANA NamedGroup IDs (provided via either an integer or using MBEDTLS_TLS1_3_NAMED_GROUP_XXX macros).