diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 0119fae85e..59822d2047 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -95,65 +95,66 @@ Open question: do we group them into a subsection? ### In `tf_psa_crypto_config.h`, we have: * SECTION "Platform abstraction layer" +#define MBEDTLS_FS_IO #define MBEDTLS_HAVE_TIME #define MBEDTLS_HAVE_TIME_DATE -//#define MBEDTLS_PLATFORM_MEMORY -//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -//#define MBEDTLS_PLATFORM_SETBUF_ALT -//#define MBEDTLS_PLATFORM_EXIT_ALT -//#define MBEDTLS_PLATFORM_TIME_ALT -//#define MBEDTLS_PLATFORM_FPRINTF_ALT -//#define MBEDTLS_PLATFORM_PRINTF_ALT -//#define MBEDTLS_PLATFORM_SNPRINTF_ALT -//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT -//#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT -//#define MBEDTLS_PLATFORM_MS_TIME_ALT -//#define MBEDTLS_PLATFORM_GMTIME_R_ALT -//#define MBEDTLS_PLATFORM_ZEROIZE_ALT -#define MBEDTLS_FS_IO //#define MBEDTLS_MEMORY_DEBUG //#define MBEDTLS_MEMORY_BACKTRACE +#define MBEDTLS_PLATFORM_C +//#define MBEDTLS_PLATFORM_EXIT_ALT +//#define MBEDTLS_PLATFORM_FPRINTF_ALT +//#define MBEDTLS_PLATFORM_GMTIME_R_ALT +//#define MBEDTLS_PLATFORM_MEMORY +//#define MBEDTLS_PLATFORM_MS_TIME_ALT +//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +//#define MBEDTLS_PLATFORM_NV_SEED_ALT +//#define MBEDTLS_PLATFORM_PRINTF_ALT +//#define MBEDTLS_PLATFORM_SETBUF_ALT +//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT +//#define MBEDTLS_PLATFORM_SNPRINTF_ALT +//#define MBEDTLS_PLATFORM_TIME_ALT +//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT +//#define MBEDTLS_PLATFORM_ZEROIZE_ALT //#define MBEDTLS_THREADING_ALT //#define MBEDTLS_THREADING_PTHREAD -#define MBEDTLS_PLATFORM_C //#define MBEDTLS_THREADING_C -//#define MBEDTLS_PLATFORM_STD_MEM_HDR -//#define MBEDTLS_PLATFORM_STD_CALLOC calloc -//#define MBEDTLS_PLATFORM_STD_FREE free -//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf -//#define MBEDTLS_PLATFORM_STD_EXIT exit -//#define MBEDTLS_PLATFORM_STD_TIME time -//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf -//#define MBEDTLS_PLATFORM_STD_PRINTF printf -//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf -//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 -//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 -//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read -//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write -//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" + +//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc -//#define MBEDTLS_PLATFORM_FREE_MACRO free //#define MBEDTLS_PLATFORM_EXIT_MACRO exit -//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf -//#define MBEDTLS_PLATFORM_TIME_MACRO time -//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t +//#define MBEDTLS_PLATFORM_FREE_MACRO free //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf -//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf -//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf -//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf -//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read -//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write //#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t //#define MBEDTLS_PRINTF_MS_TIME PRId64 -//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 +//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read +//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write +//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf +//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf +//#define MBEDTLS_PLATFORM_STD_CALLOC calloc +//#define MBEDTLS_PLATFORM_STD_EXIT exit +//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 +//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 +//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf +//#define MBEDTLS_PLATFORM_STD_FREE free +//#define MBEDTLS_PLATFORM_STD_MEM_HDR +//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" +//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read +//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write +//#define MBEDTLS_PLATFORM_STD_PRINTF printf +//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf +//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf +//#define MBEDTLS_PLATFORM_STD_TIME time +//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf +//#define MBEDTLS_PLATFORM_TIME_MACRO time +//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t +//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf * SECTION "General and test configuration options" +//#define MBEDTLS_CHECK_RETURN_WARNING +//#define MBEDTLS_DEPRECATED_REMOVED +//#define MBEDTLS_DEPRECATED_WARNING //#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h" //#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null" -//#define MBEDTLS_DEPRECATED_WARNING -//#define MBEDTLS_DEPRECATED_REMOVED -//#define MBEDTLS_CHECK_RETURN_WARNING #define MBEDTLS_SELF_TEST //#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN //#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND @@ -171,25 +172,25 @@ PSA_WANT_\* macros as in current `crypto_config.h`. //#define MBEDTLS_LMS_PRIVATE #define MBEDTLS_MD_C #define MBEDTLS_NIST_KW_C +#define MBEDTLS_PK_C +#define MBEDTLS_PKCS5_C +#define MBEDTLS_PKCS12_C +#define MBEDTLS_PK_PARSE_C #define MBEDTLS_PK_PARSE_EC_EXTENDED #define MBEDTLS_PK_PARSE_EC_COMPRESSED #define MBEDTLS_PK_RSA_ALT_SUPPORT -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C #define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PKCS5_C -#define MBEDTLS_PKCS12_C -//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 -//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 -//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 +//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 +//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 +//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 * SECTION "Data format support" @@ -202,65 +203,74 @@ PSA_WANT_\* macros as in current `crypto_config.h`. * SECTION "PSA core" +#define MBEDTLS_ENTROPY_C +//#define MBEDTLS_ENTROPY_FORCE_SHA256 //#define MBEDTLS_ENTROPY_HARDWARE_ALT +//#define MBEDTLS_ENTROPY_NV_SEED //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES //#define MBEDTLS_NO_PLATFORM_ENTROPY -//#define MBEDTLS_ENTROPY_FORCE_SHA256 -//#define MBEDTLS_ENTROPY_NV_SEED -//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER -//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS #define MBEDTLS_PSA_CRYPTO_C +//#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS +//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS //#define MBEDTLS_PSA_CRYPTO_CLIENT //#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG +//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER //#define MBEDTLS_PSA_CRYPTO_SPM -//#define MBEDTLS_PSA_INJECT_ENTROPY -//#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS -#define MBEDTLS_ENTROPY_C #define MBEDTLS_PSA_CRYPTO_STORAGE_C +//#define MBEDTLS_PSA_INJECT_ENTROPY #define MBEDTLS_PSA_ITS_FILE_C -//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h" -//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h" -//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 + //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 //#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 +//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h" +//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h" +//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 * SECTION "Builtin drivers" -#define MBEDTLS_HAVE_ASM -//#define MBEDTLS_NO_UDBL_DIVISION -//#define MBEDTLS_NO_64BIT_MULTIPLICATION -//#define MBEDTLS_HAVE_SSE2 #define MBEDTLS_AESNI_C #define MBEDTLS_AESCE_C //#define MBEDTLS_AES_ROM_TABLES //#define MBEDTLS_AES_FEWER_TABLES //#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH //#define MBEDTLS_AES_USE_HARDWARE_ONLY +//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT //#define MBEDTLS_CAMELLIA_SMALL_MEMORY //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED #define MBEDTLS_ECP_NIST_OPTIM //#define MBEDTLS_ECP_RESTARTABLE //#define MBEDTLS_ECP_WITH_MPI_UINT -//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED -//#define MBEDTLS_SHA256_SMALLER -//#define MBEDTLS_SHA512_SMALLER -//#define MBEDTLS_RSA_NO_CRT -//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT //#define MBEDTLS_GCM_LARGE_TABLE +#define MBEDTLS_HAVE_ASM +//#define MBEDTLS_HAVE_SSE2 +//#define MBEDTLS_NO_UDBL_DIVISION +//#define MBEDTLS_NO_64BIT_MULTIPLICATION +//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED +//#define MBEDTLS_RSA_NO_CRT +//#define MBEDTLS_SHA256_SMALLER //#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT //#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT //#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY //#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY +//#define MBEDTLS_SHA512_SMALLER //#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT //#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY -//#define MBEDTLS_MPI_WINDOW_SIZE 2 -//#define MBEDTLS_MPI_MAX_SIZE 1024 -//#define MBEDTLS_ECP_WINDOW_SIZE 4 + //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 +//#define MBEDTLS_ECP_WINDOW_SIZE 4 +//#define MBEDTLS_MPI_MAX_SIZE 1024 +//#define MBEDTLS_MPI_WINDOW_SIZE 2 //#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 * SECTION "Legacy cryptography" +#define MBEDTLS_AES_C +#define MBEDTLS_ARIA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_CAMELLIA_C +#define MBEDTLS_CCM_C +#define MBEDTLS_CHACHA20_C +#define MBEDTLS_CHACHAPOLY_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CIPHER_MODE_CBC #define MBEDTLS_CIPHER_MODE_CFB @@ -271,8 +281,13 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN #define MBEDTLS_CIPHER_PADDING_ZEROS -//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY +#define MBEDTLS_CMAC_C #define MBEDTLS_CTR_DRBG_C +//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY +#define MBEDTLS_DES_C +#define MBEDTLS_DHM_C +#define MBEDTLS_ECDH_C +#define MBEDTLS_ECP_C #define MBEDTLS_ECP_DP_SECP192R1_ENABLED #define MBEDTLS_ECP_DP_SECP224R1_ENABLED #define MBEDTLS_ECP_DP_SECP256R1_ENABLED @@ -286,31 +301,19 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_ECP_DP_BP512R1_ENABLED #define MBEDTLS_ECP_DP_CURVE25519_ENABLED #define MBEDTLS_ECP_DP_CURVE448_ENABLED -#define MBEDTLS_ECDSA_DETERMINISTIC -#define MBEDTLS_GENPRIME -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_PKCS1_V15 -#define MBEDTLS_PKCS1_V21 -//#define MBEDTLS_PSA_CRYPTO_CONFIG -#define MBEDTLS_AES_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_CAMELLIA_C -#define MBEDTLS_ARIA_C -#define MBEDTLS_CCM_C -#define MBEDTLS_CHACHA20_C -#define MBEDTLS_CHACHAPOLY_C -#define MBEDTLS_CMAC_C -#define MBEDTLS_DES_C -#define MBEDTLS_DHM_C -#define MBEDTLS_ECDH_C #define MBEDTLS_ECDSA_C +#define MBEDTLS_ECDSA_DETERMINISTIC #define MBEDTLS_ECJPAKE_C -#define MBEDTLS_ECP_C #define MBEDTLS_GCM_C +#define MBEDTLS_GENPRIME #define MBEDTLS_HKDF_C +#define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD5_C #define MBEDTLS_PADLOCK_C +#define MBEDTLS_PKCS1_V15 +#define MBEDTLS_PKCS1_V21 #define MBEDTLS_POLY1305_C +//#define MBEDTLS_PSA_CRYPTO_CONFIG //#define MBEDTLS_PSA_CRYPTO_SE_C #define MBEDTLS_RIPEMD160_C #define MBEDTLS_RSA_C @@ -331,6 +334,7 @@ PSA_WANT_\* macros as in current `crypto_config.h`. * SECTION "Mbed TLS feature support" //#define MBEDTLS_CIPHER_NULL_CIPHER +#define MBEDTLS_ERROR_STRERROR_DUMMY #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED @@ -342,34 +346,33 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -#define MBEDTLS_ERROR_STRERROR_DUMMY #define MBEDTLS_SSL_ALL_ALERT_MESSAGES -#define MBEDTLS_SSL_DTLS_CONNECTION_ID -#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 +#define MBEDTLS_SSL_ALPN //#define MBEDTLS_SSL_ASYNC_PRIVATE #define MBEDTLS_SSL_CONTEXT_SERIALIZATION //#define MBEDTLS_SSL_DEBUG_ALL +#define MBEDTLS_SSL_DTLS_ANTI_REPLAY +#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +#define MBEDTLS_SSL_DTLS_CONNECTION_ID +#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 +#define MBEDTLS_SSL_DTLS_HELLO_VERIFY +//#define MBEDTLS_SSL_DTLS_SRTP #define MBEDTLS_SSL_ENCRYPT_THEN_MAC +//#define MBEDTLS_SSL_EARLY_DATA #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE -#define MBEDTLS_SSL_RENEGOTIATION #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH //#define MBEDTLS_SSL_RECORD_SIZE_LIMIT +#define MBEDTLS_SSL_RENEGOTIATION +#define MBEDTLS_SSL_PROTO_DTLS #define MBEDTLS_SSL_PROTO_TLS1_2 #define MBEDTLS_SSL_PROTO_TLS1_3 #define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -//#define MBEDTLS_SSL_EARLY_DATA -#define MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_ALPN -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY -//#define MBEDTLS_SSL_DTLS_SRTP -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE -#define MBEDTLS_SSL_SESSION_TICKETS #define MBEDTLS_SSL_SERVER_NAME_INDICATION +#define MBEDTLS_SSL_SESSION_TICKETS //#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH //#define MBEDTLS_USE_PSA_CRYPTO #define MBEDTLS_VERSION_C @@ -385,17 +388,17 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_PKCS7_C #define MBEDTLS_SSL_CACHE_C #define MBEDTLS_SSL_COOKIE_C -#define MBEDTLS_SSL_TICKET_C #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_SRV_C +#define MBEDTLS_SSL_TICKET_C #define MBEDTLS_SSL_TLS_C -#define MBEDTLS_X509_USE_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_CRL_PARSE_C -#define MBEDTLS_X509_CSR_PARSE_C #define MBEDTLS_X509_CREATE_C +#define MBEDTLS_X509_CRL_PARSE_C +#define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_CRT_WRITE_C +#define MBEDTLS_X509_CSR_PARSE_C #define MBEDTLS_X509_CSR_WRITE_C +#define MBEDTLS_X509_USE_C * SECTION "General configuration options" @@ -406,18 +409,18 @@ PSA_WANT_\* macros as in current `crypto_config.h`. * SECTION "Module configuration options" //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 -//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 +//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 +//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 //#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 //#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 //#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 -//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 -//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 -//#define MBEDTLS_PSK_MAX_LEN 32 -//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 -//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 //#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 +//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 //#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 //#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 //#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 +//#define MBEDTLS_PSK_MAX_LEN 32 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512