Function esp_idf_sys::mbedtls_ssl_conf_legacy_renegotiation

pub unsafe extern "C" fn mbedtls_ssl_conf_legacy_renegotiation(
    conf: *mut mbedtls_ssl_config,
    allow_legacy: c_int,
)

\brief Prevent or allow legacy renegotiation. (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)

            MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
            be established even if the peer does not support
            secure renegotiation, but does not allow renegotiation
            to take place if not secure.
            (Interoperable and secure option)

            MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
            with non-upgraded peers. Allowing legacy renegotiation
            makes the connection vulnerable to specific man in the
            middle attacks. (See RFC 5746)
            (Most interoperable and least secure option)

            MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
            if peer does not support secure renegotiation. Results
            in interoperability issues with non-upgraded peers
            that do not support renegotiation altogether.
            (Most secure option, interoperability issues)

\param conf SSL configuration

\param allow_legacy Prevent or allow (MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION or MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
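
The three settings described above, as a typed Rust wrapper with the documented effect on a peer that lacks secure renegotiation (RFC 5746). This is an added example, not code from esp-idf-sys or Mbed TLS. The names `LegacyRenegotiation`, `Effect`, `effect` and `apply` are hypothetical, and the discriminants 0, 1 and 2 are assumed to match the Mbed TLS macros of the same names.

```rust
use core::ffi::c_int;

/// Typed `allow_legacy` argument. Discriminants are assumed to equal the
/// Mbed TLS macros of the same names (0, 1, 2 in mbedtls/ssl.h).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
#[repr(i32)]
pub enum LegacyRenegotiation {
    NoRenegotiation = 0,    // MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION (default)
    AllowRenegotiation = 1, // MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
    BreakHandshake = 2,     // MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
}

/// Effect of this setting alone on a connection (hypothetical names).
#[derive(Debug, PartialEq, Eq)]
pub enum Effect {
    HandshakeAborted,            // connection is broken off
    RenegotiationRefused,        // connection stands, renegotiation does not
    SecureRenegotiationPossible, // peer supports RFC 5746
    LegacyRenegotiationPossible, // exposed to the RFC 5746 MITM attacks
}

impl LegacyRenegotiation {
    pub fn as_c_int(self) -> c_int {
        self as c_int
    }

    /// Documented behaviour, by whether the peer supports secure renegotiation.
    pub fn effect(self, peer_secure: bool) -> Effect {
        match (self, peer_secure) {
            (_, true) => Effect::SecureRenegotiationPossible,
            (Self::BreakHandshake, false) => Effect::HandshakeAborted,
            (Self::NoRenegotiation, false) => Effect::RenegotiationRefused,
            (Self::AllowRenegotiation, false) => Effect::LegacyRenegotiationPossible,
        }
    }
}

/// Applies the policy on an ESP-IDF target; compiled out on a host build.
#[cfg(target_os = "espidf")]
pub fn apply(conf: &mut esp_idf_sys::mbedtls_ssl_config, policy: LegacyRenegotiation) {
    // SAFETY: `conf` is a valid, exclusive pointer for the duration of the call.
    unsafe { esp_idf_sys::mbedtls_ssl_conf_legacy_renegotiation(conf, policy.as_c_int()) }
}

fn main() {
    use LegacyRenegotiation::*;
    for p in [NoRenegotiation, AllowRenegotiation, BreakHandshake] {
        println!("{:?} = {}: legacy peer -> {:?}", p, p.as_c_int(), p.effect(false));
    }
}
```

Passing the enum instead of a bare `c_int` keeps out-of-range values away from the FFI call and makes any use of `AllowRenegotiation` easy to find in code review.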