Mbed TLS should build out of the box on a wide variety of platforms. However, you may need to adjust some platform-specific settings, or want to customize the set of features that will be built. You can do all of this in a single configuration file.
Configuration file
The default configuration file is include/mbedtls/mbedtls_config.h (include/mbedtls/config.h in Mbed TLS 2.28). It is fully documented and contains the following sections:
- System support: select options according to your platform: does your compiler support inline assembly, does your libc/network stack provide IPv6, etc.
- Mbed TLS feature support: select the features to enable for the corresponding modules: which TLS versions are supported, which key exchanges, which specific elliptic curves, etc.
- Mbed TLS modules: select the modules to build. For example, if you don't need RSA or MD5, you can disable them completely.
- Module configuration options: set specific options for each module, such as the maximum size of multiple-precision integers or the size of SSL's internal I/O buffers. All these options have default values.
Configuration script
You can edit the configuration file manually with a text editor of your choice. In some cases, however, it is useful to set options programmatically. We provide a Python script, scripts/config.py, for this:
    scripts/config.py unset <name>
    scripts/config.py set <name> [<value>]
When run this way from the root of the Mbed TLS tree, config.py finds mbedtls_config.h automatically. To run it from another directory, or on another configuration file (see below), use the -f option.
Alternative configuration files
You may wish to keep your application's custom configuration file outside the Mbed TLS source tree. You can do this by defining the macro MBEDTLS_CONFIG_FILE to the desired file name (including the quotes or angle brackets) at compile time. For example, with make:
    CFLAGS="-Ipath/to/config -DMBEDTLS_CONFIG_FILE='<my_config.h>'" make
Or, with CMake:
- If this is not the first time you run CMake, clear its cache before running it:
      find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
    CFLAGS="-Ipath/to/config -DMBEDTLS_CONFIG_FILE='<my_config.h>'" cmake .
    make
Mbed TLS 2.2x only: we provide a check_config.h file that checks the consistency of the configuration file. We strongly recommend that you #include it at the end of your custom configuration file. If you use the setup above, you may need to adjust the #include directive depending on your compiler. (check_config.h is included automatically since Mbed TLS 3.0.)
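As an added example (not part of Mbed TLS or of scripts/config.py), the Python script below audits a custom configuration file against a local policy: the modules named above as candidates for disabling (RSA, MD5) must stay off, and a size option must not exceed a cap. The sample file contents, the cap value and the function names are constructed for illustration.

```python
import re

# Active "#define NAME [value]" or the commented-out "//#define NAME [value]" form.
_DEFINE = re.compile(r'^\s*(//)?\s*#\s*define\s+(MBEDTLS_\w+)[ \t]*(.*?)\s*$')

def parse_config(text):
    """Return {name: (enabled, value)} for each MBEDTLS_* option in text."""
    options = {}
    for line in text.splitlines():
        m = _DEFINE.match(line)
        if not m:
            continue
        commented, name, value = m.groups()
        value = re.split(r'/\*|//', value, maxsplit=1)[0].strip()  # drop trailing comment
        enabled = commented is None
        if enabled or name not in options:  # an active definition wins
            options[name] = (enabled, value)
    return options

def audit(text, must_be_off=(), limits=None):
    """Return policy findings: forbidden modules enabled, numeric caps exceeded."""
    opts = parse_config(text)
    findings = []
    for name in must_be_off:
        if opts.get(name, (False, ""))[0]:
            findings.append(f"{name} is enabled but should be disabled")
    for name, cap in (limits or {}).items():
        enabled, value = opts.get(name, (False, ""))
        try:
            over = enabled and int(value, 0) > cap
        except ValueError:
            over = False  # empty or non-numeric value: not evaluated here
        if over:
            findings.append(f"{name}={value} exceeds cap {cap}")
    return findings

# Constructed sample, not a real or complete Mbed TLS configuration.
SAMPLE = """\
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_AES_C
//#define MBEDTLS_RSA_C
#define MBEDTLS_MD5_C
#define MBEDTLS_MPI_MAX_SIZE 1024 /* bytes */
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["MBEDTLS_RSA_C", "MBEDTLS_MD5_C"],
                         {"MBEDTLS_MPI_MAX_SIZE": 512}):
        print(finding)
```

A check like this complements check_config.h: that header verifies that the selected options are consistent with each other, while the audit verifies that they match what the application intends to ship.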
Example Configuration
We provide example configurations in the configs directory. These are usually minimal configurations for a specific goal, such as supporting the NSA Suite B TLS profile. They also typically include settings to reduce resource usage.