[Networking][Mbedtls] Judicious use of cipher suites

Prabhu Vinod, Karthik



I wanted to check if there is a way to use cryptographic cipher suites without including the following config options.

In most user-space application clients, like those for MQTT, CoAP, HTTPS, etc., I have observed that we associate a tls_config with a socket as a socket option. I wanted to know if we could use a very small set of cipher suites just by providing the list of cipher suites in tls_config->cipher_list and skip enabling CONFIG_MBEDTLS and CONFIG_MBEDTLS_BUILTIN. I don't want to use the config-tls-generic config file as the default, as it contains almost all the cipher suites.


At the application level we can do the below:

    struct mqtt_sec_config *tls_config = &client->transport.tls.config;

    tls_config->peer_verify = 2;            /* 2 == TLS_PEER_VERIFY_REQUIRED */
    tls_config->cipher_list = NULL;         /* NULL: no restriction, the TLS library's default suites are offered */
    tls_config->sec_tag_list = m_sec_tags;  /* credentials registered with tls_credential_add() */
    tls_config->sec_tag_count = ARRAY_SIZE(m_sec_tags);
    tls_config->hostname = hostname;        /* checked against the server certificate */



I look forward to some suggestions here.



Many Regards,

Karthik Prabhu Vinod
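Added example, not code from the post above or from the Zephyr project: one way to populate tls_config->cipher_list with a short allowlist instead of NULL. Zephyr's TLS sockets take cipher suites as an array of IANA TLS cipher-suite identifiers (the TLS_CIPHERSUITE_LIST socket option, which the MQTT TLS transport forwards from mqtt_sec_config); mbedTLS defines the same numbers as MBEDTLS_TLS_* macros in mbedtls/ssl_ciphersuites.h, so the numeric values are used here to keep the file buildable without that header. For host builds the example carries a stand-in struct mqtt_sec_config whose field names and types are assumed to match Zephyr's; on a Zephyr build it includes the real <zephyr/net/mqtt.h> instead. The function names mqtt_cipher_allowed, mqtt_apply_cipher_allowlist and mqtt_example_configure are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#ifdef __ZEPHYR__
#include <zephyr/net/mqtt.h>          /* real struct mqtt_sec_config, sec_tag_t */
#else
/* Host-build stand-in (assumption for this example): the subset of Zephyr's
 * struct mqtt_sec_config that the post's snippet touches, so the allowlist
 * logic can be compiled and tested off-target. */
typedef int sec_tag_t;
struct mqtt_sec_config {
	int peer_verify;
	uint32_t cipher_count;
	const int *cipher_list;
	uint32_t sec_tag_count;
	const sec_tag_t *sec_tag_list;
	const char *hostname;
};
#endif

/* IANA TLS cipher-suite IDs; mbedTLS names them MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 etc. */
enum {
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   = 0xC02F,
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   = 0xC030,
	TLS_RSA_WITH_AES_128_CBC_SHA            = 0x002F, /* legacy; negative example only */
};

/* Forward-secret AEAD suites only: no static RSA key exchange, no CBC. */
static const int mqtt_cipher_allowlist[] = {
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
};

size_t mqtt_cipher_allowlist_len(void)
{
	return sizeof(mqtt_cipher_allowlist) / sizeof(mqtt_cipher_allowlist[0]);
}

/* True if the IANA suite ID is one this client is willing to offer. */
bool mqtt_cipher_allowed(int suite)
{
	for (size_t i = 0; i < mqtt_cipher_allowlist_len(); i++) {
		if (mqtt_cipher_allowlist[i] == suite) {
			return true;
		}
	}
	return false;
}

/* Point the config at the allowlist. Returns -1 on a NULL config or an empty
 * list: the MQTT TLS transport only applies the list when cipher_list is
 * non-NULL and cipher_count is non-zero, so an empty list would silently
 * fall back to every suite the TLS library was built with. */
int mqtt_apply_cipher_allowlist(struct mqtt_sec_config *cfg)
{
	size_t n = mqtt_cipher_allowlist_len();

	if (cfg == NULL || n == 0) {
		return -1;
	}
	cfg->cipher_list = mqtt_cipher_allowlist;
	cfg->cipher_count = (uint32_t)n;
	return 0;
}

/* The post's snippet with the allowlist in place of cipher_list = NULL.
 * peer_verify 2 is TLS_PEER_VERIFY_REQUIRED; hostname enables SNI and
 * certificate hostname checking. Returns 0 on success. */
int mqtt_example_configure(struct mqtt_sec_config *cfg,
			   const sec_tag_t *tags, uint32_t tag_count,
			   const char *hostname)
{
	if (cfg == NULL || tags == NULL || tag_count == 0 || hostname == NULL) {
		return -1;
	}
	cfg->peer_verify = 2;
	cfg->sec_tag_list = tags;
	cfg->sec_tag_count = tag_count;
	cfg->hostname = hostname;
	return mqtt_apply_cipher_allowlist(cfg);
}
```

The suites offered still have to be compiled into the TLS library: a suite listed here but disabled in the mbedTLS configuration is simply not negotiated, so check the handshake result rather than assuming the list alone is enough.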

