RSI_ENABLE - Use all ciphers configured by SSL_RELEASE_2_0_ALL_CIPHERS
RSI_DISABLE - Only use ciphers supported by TLS 1.2
RSI_SSL_CIPHERS
If RSI_SSL_RELEASE_2_0 is enabled, SSL_RELEASE_2_0_ALL_CIPHERS specifies the set of supported ciphers.
The RSI_SSL_CIPHERS and RSI_SSL_RELEASE_2_0 macros are defined in the /sapi/include/rsi_wlan_common_config.h file of the SDK.
If RSI_SSL_RELEASE_2_0 macro is enabled, the SSL_RELEASE_2_0_ALL_CIPHERS macro shall be defined. This macro represents a set of fourteen ciphers (defined by SSL_DEFAULT_CIPHERS) along with the following six user-configurable ciphers. user-configurable ciphers
Bit Position
Macro
BIT(0)
BIT_TLS_RSA_WITH_AES_256_CBC_SHA256
BIT(1)
BIT_TLS_RSA_WITH_AES_128_CBC_SHA256
BIT(2)
BIT_TLS_RSA_WITH_AES_256_CBC_SHA
BIT(3)
BIT_TLS_RSA_WITH_AES_128_CBC_SHA
BIT(4)
BIT_TLS_RSA_WITH_AES_128_CCM_8
BIT(5)
BIT_TLS_RSA_WITH_AES_256_CCM_8
Macro
Meaning
SSL_RELEASE_2_0_ALL_CIPHERS
BIT_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
BIT_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
BIT_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
BIT_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
BIT_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
BIT_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
BIT_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
BIT_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
BIT_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
BIT_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
BIT_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
BIT_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
BIT_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
BIT_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
BIT_TLS_RSA_WITH_AES_256_CBC_SHA256
BIT_TLS_RSA_WITH_AES_128_CBC_SHA256
BIT_TLS_RSA_WITH_AES_256_CBC_SHA
BIT_TLS_RSA_WITH_AES_128_CBC_SHA
BIT_TLS_RSA_WITH_AES_128_CCM_8
BIT_TLS_RSA_WITH_AES_256_CCM_8
If RSI_SSL_RELEASE_2_0macro is disabled, enabling the SSL_NEW_CIPHERS bit is mandatory, and the following ciphers are enabled for use.
Macro
Meaning
BIT_DHE_RSA_GCM
DHE_RSA in combination with GCM secure ciphers ...
> BIT_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
> BIT_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
BIT_ECDHE_RSA_GCM
ECDHE_RSA in combination with GCM secure ciphers ...
> BIT_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> BIT_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
BIT_DHE_RSA_CBC
DHE_RSA in combination with CBC secure ciphers ...
> BIT_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> BIT_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
BIT_ECDHE_RSA_CBC
ECDHE_RSA in combination with CBC secure ciphers ...
> BIT_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> BIT_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
BIT_ECDHE_ECDSA_CBC
ECDHE_ECDSA in combination with CBC secure ciphers ...
> BIT_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> BIT_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
SSL_NEW_CIPHERS
To enable more secure newly added ciphers
To use individual ciphers other than the default configurations shown above, configure the following macros under RSI_SSL_CIPHERS
Bit Position
Macro
BIT(0)
BIT_TLS_RSA_WITH_AES_256_CBC_SHA256
BIT(1)
BIT_TLS_RSA_WITH_AES_128_CBC_SHA256
BIT(2)
BIT_TLS_RSA_WITH_AES_256_CBC_SHA
BIT(3)
BIT_TLS_RSA_WITH_AES_128_CBC_SHA
BIT(4)
BIT_TLS_RSA_WITH_AES_128_CCM_8
BIT(5)
BIT_TLS_RSA_WITH_AES_256_CCM_8
BIT(6)
Reserved
BIT(7)
Reserved
BIT(8)
BIT_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
BIT(9)
BIT_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
BIT(10)
BIT_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
BIT(11)
BIT_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
BIT(12)
Reserved
BIT(13)
Reserved
BIT(14)
BIT_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
BIT(15)
BIT_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
BIT(16)
BIT_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
BIT(17)
BIT_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
BIT(18)
BIT_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
BIT(19)
BIT_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
BIT(20)
BIT_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
BIT(21)
BIT_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
BIT(22)
BIT_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
BIT(23)
BIT_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
BIT(24)
BIT_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
BIT(25)
BIT_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
BIT(26)
BIT_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
BIT(27)
BIT_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
BIT(28)
Reserved
BIT(29)
Reserved
BIT(30)
Reserved
BIT(31)
SSL_NEW_CIPHERS
Note! The RS9116W does not include hardware support for GCM based ciphers. Use of these ciphers may impact performance since related crypto operations are performed by software.
SSL_NEW_CIPHERS should not be set alone. User is required to set the other corresponding bits in the bitmap along with SSL_NEW_CIPHERS to enable the cipher selection.
- e.g. (SSL_NEW_CIPHERS | BIT_TLS_RSA_WITH_AES_256_CBC_SHA256 | BIT_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)#
