mbedtls_ssl_handshake_params - syntax, references, description

Minimum TLS version to be negotiated. It is set up in the ClientHello writing preparation stage and used throughout the ClientHello writing. Not relevant anymore as soon as the protocol version has been negotiated thus as soon as the ServerHello is received. For a fresh handshake not linked to any previous handshake, it is equal to the configured minimum minor version to be negotiated. When renegotiating or resuming a session, it is equal to the previously negotiated minor version. There is no maximum TLS version field in this handshake context. From the start of the handshake, we need to define a current protocol version for the record layer which we define as the maximum TLS version to be negotiated. The `tls_version` field of the SSL context is used to store this maximum value until it contains the actual negotiated value.

mbedtls_ssl_handshake_params::extended_ms

uint8_t

use Extended Master Secret?.

mbedtls_ssl_handshake_params::retransmit_state

unsigned char

Retransmission state.

mbedtls_ssl_handshake_params::ciphersuite_info

mbedtls_ssl_ciphersuite_t const *

mbedtls_ssl_handshake_params::update_checksum

MBEDTLS_CHECK_RETURN_CRITICAL int (*)(mbedtls_ssl_context *, const unsigned char *, size_t)

mbedtls_ssl_handshake_params::calc_verify

MBEDTLS_CHECK_RETURN_CRITICAL int (*)(const mbedtls_ssl_context *, unsigned char *, size_t *)

mbedtls_ssl_handshake_params::calc_finished

MBEDTLS_CHECK_RETURN_CRITICAL int (*)(mbedtls_ssl_context *, unsigned char *, int)

mbedtls_ssl_handshake_params::tls_prf

mbedtls_ssl_tls_prf_cb *

mbedtls_ssl_handshake_params::received_sig_algs

uint16_t[MBEDTLS_RECEIVED_SIG_ALGS_SIZE]

mbedtls_ssl_handshake_params::ecdh_ctx

mbedtls_ecdh_context

ECDH key exchange.

mbedtls_ssl_handshake_params::ecjpake_ctx

mbedtls_ecjpake_context

EC J-PAKE key exchange.

mbedtls_ssl_handshake_params::ecjpake_cache

unsigned char *

Cache for ClientHello ext.

mbedtls_ssl_handshake_params::ecjpake_cache_len

size_t

Length of cached data.

mbedtls_ssl_handshake_params::curves_tls_id

uint16_t *

List of TLS IDs of supported elliptic curves.

mbedtls_ssl_handshake_params::key_cert

mbedtls_ssl_key_cert *

chosen key/cert pair (server).

mbedtls_ssl_handshake_params::sni_key_cert

mbedtls_ssl_key_cert *

key/cert list from SNI.

mbedtls_ssl_handshake_params::sni_ca_chain

mbedtls_x509_crt *

trusted CAs from SNI callback.

mbedtls_ssl_handshake_params::sni_ca_crl

mbedtls_x509_crl *

trusted CAs CRLs from SNI.

mbedtls_ssl_handshake_params::buffering

struct { size_t total_bytes_buffered; uint8_t seen_ccs; struct mbedtls_ssl_hs_buffer { unsigned is_valid : 1; unsigned is_fragmented : 1; unsigned is_complete : 1; unsigned char *data; size_t data_len; } hs[MBEDTLS_SSL_MAX_BUFFERED_HS]; struct { unsigned char *data; size_t len; unsigned epoch; } future_record; }

mbedtls_ssl_handshake_params::cookie

unsigned char *

HelloVerifyRequest cookie for DTLS HelloRetryRequest cookie for TLS 1.3.

mbedtls_ssl_handshake_params::cookie_len

uint8_t

mbedtls_ssl_handshake_params::cookie_verify_result

unsigned char

Srv: flag for sending a cookie.

mbedtls_ssl_handshake_params::out_msg_seq

unsigned int

Outgoing handshake sequence number.

mbedtls_ssl_handshake_params::in_msg_seq

unsigned int

Incoming handshake sequence number.

mbedtls_ssl_handshake_params::retransmit_timeout

uint32_t

Current value of timeout.

mbedtls_ssl_handshake_params::flight

mbedtls_ssl_flight_item *

Current outgoing flight.

mbedtls_ssl_handshake_params::cur_msg

mbedtls_ssl_flight_item *

Current message in flight.

mbedtls_ssl_handshake_params::cur_msg_p

unsigned char *

Position in current message.

mbedtls_ssl_handshake_params::in_flight_start_seq

unsigned int

Minimum message sequence in the flight being received.

mbedtls_ssl_handshake_params::alt_transform_out

mbedtls_ssl_transform *

Alternative transform for resending messages.

mbedtls_ssl_handshake_params::alt_out_ctr

unsigned char[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]

Alternative record epoch/counter for resending messages.

mbedtls_ssl_handshake_params::mtu

uint16_t

Handshake mtu, used to fragment outgoing messages.

mbedtls_ssl_handshake_params::fin_sha256

mbedtls_md_context_t

mbedtls_ssl_handshake_params::fin_sha384

mbedtls_md_context_t

mbedtls_ssl_handshake_params::client_auth

uint8_t

used to check if CertificateRequest has been received from server side. If CertificateRequest has been received, Certificate and CertificateVerify should be sent to server.

mbedtls_ssl_handshake_params::state_local