SSL/TLS communication module

The SSL/TLS communication module provides the means to create an SSL/TLS communication channel.

The basic provisions are:

  • initialise an SSL/TLS context (see mbedtls_ssl_init()).
  • perform an SSL/TLS handshake (see mbedtls_ssl_handshake()).
  • read/write (see mbedtls_ssl_read() and mbedtls_ssl_write()).
  • notify the peer that the connection is being closed (see mbedtls_ssl_close_notify()).

Many aspects of such a channel are set through parameters and callback functions:

  • the endpoint role: client or server.
  • the authentication mode: whether verification should take place.
  • the host-to-host communication channel. A TCP/IP module is provided.
  • the random number generator (RNG).
  • the ciphers to use for encryption/decryption.
  • session control functions.
  • X.509 parameters for certificate-handling and key exchange.

This module can be used to create an SSL/TLS server and client, and it provides a basic framework to set up and communicate through an SSL/TLS communication channel.
Note that you need to provide several of the aspects mentioned above yourself.