How to configure Mbed TLS

Mbed TLS should build out of the box on a variety of platforms. However, you may need to adjust some platform-specific settings, or want to customize the set of features that will be built. You can do all of this in a single configuration file.

Configuration file

The default configuration file is include/mbedtls/mbedtls_config.h (include/mbedtls/config.h in Mbed TLS 2.28). It is fully documented and contains the following sections:

  • System support: select the options that match your platform: does your compiler support inline assembly, does your libc/network stack provide IPv6, etc.

  • Mbed TLS feature support: select the features to enable for the corresponding modules: which TLS versions are supported, which key exchanges, specific elliptic curves, etc.

  • Mbed TLS modules: select the modules to be built. For example, if you don't need RSA or MD5, you can disable them completely.

  • Module configuration options: set specific options for each module, such as the maximum size of multiple precision integers, or the size of SSL's internal I/O buffers. All these options have default values.

Configuration script

You can edit the configuration file manually with a text editor of your choice. In some cases, however, it is useful to set options programmatically. We provide a Python script, scripts/config.py, for this:

    scripts/config.py unset <name>
    scripts/config.py set <name> [<value>]

When run this way from the root of the Mbed TLS tree, config.py finds mbedtls_config.h automatically. If you want to run it from another directory or on another configuration file (see below), you need to use the -f option.

Alternative Profiles

You may wish to keep your application's custom configuration file outside of the Mbed TLS source tree. You can do this by defining the macro MBEDTLS_CONFIG_FILE to the desired filename (including the quotes or angle brackets) at compile time. For example, with make:

    CFLAGS="-Ipath/to/config -DMBEDTLS_CONFIG_FILE='<my_config.h>'" make

Or, with CMake:

  • If this is not the first CMake run, clear its cache before running it:

    find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
    CFLAGS="-Ipath/to/config -DMBEDTLS_CONFIG_FILE='<my_config.h>'" cmake .
    make

Mbed TLS 2.2x only: We provide a check_config.h file that checks the consistency of the configuration file. We strongly recommend including it at the end of your custom configuration file. If you use the setup above, you may need to adjust the include directive depending on your compiler. (check_config.h is included automatically since Mbed TLS 3.0.)
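A build-time check to go with a custom configuration file, as an added example that is not part of the original page or of the Mbed TLS tree: it lists the options that are actually active in a header and fails if a module you meant to disable (RSA or MD5, as in the example above) is still enabled. The function names and the sample header are constructed for illustration.

```shell
# Added example (not from the Mbed TLS tree): gate a custom config header.
# An option is on when "#define NAME" is active, off when commented out.
# Print the name of every active #define in header $1, one per line.
active_defines() {
    awk '
        { line = $0 }
        in_c {                      # still inside a block comment from an earlier line
            i = index(line, "*/"); if (i == 0) next
            line = substr(line, i + 2); in_c = 0
        }
        {
            while ((s = index(line, "/*")) > 0) {   # strip block comments
                rest = substr(line, s + 2); e = index(rest, "*/")
                if (e == 0) { line = substr(line, 1, s - 1); in_c = 1; break }
                line = substr(line, 1, s - 1) " " substr(rest, e + 2)
            }
            if (line ~ /^[ \t]*#[ \t]*define[ \t]+[A-Za-z_]/) {
                sub(/^[ \t]*#[ \t]*define[ \t]+/, "", line)
                sub(/[^A-Za-z0-9_].*$/, "", line)
                print line
            }
        }' "$1"
}

# Succeed only if none of the named options is active in header $1.
check_disabled() {
    header=$1; shift; rc=0
    active=$(active_defines "$header")
    for name in "$@"; do
        if printf '%s\n' "$active" | grep -qxF "$name"; then
            echo "$header: $name is enabled but must be disabled" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample in the style of a custom my_config.h (not a complete config).
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
/* Disabled for this product:
#define MBEDTLS_DES_C
*/
#define MBEDTLS_MD5_C
//#define MBEDTLS_RSA_C
#define MBEDTLS_MPI_MAX_SIZE 512 /* bytes */
EOF
check_disabled "$sample" MBEDTLS_RSA_C MBEDTLS_MD5_C || echo "configuration rejected"
```

Run against the header you pass via MBEDTLS_CONFIG_FILE, this catches a module that was re-enabled by a merge or a copied example configuration before the library is built.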

Example Configuration

We provide example configurations in the configs directory. These are usually minimal configurations for a specific goal, such as supporting the NSA suite B TLS profile. They also typically include settings to reduce resource usage.

Original: How to configure Mbed TLS — Mbed TLS documentation

Origin blog.csdn.net/yunqian09/article/details/130049266