39 lines
1.1 KiB
Plaintext
39 lines
1.1 KiB
Plaintext
CONFIG_LWM2M_DTLS_SUPPORT=y
|
|
CONFIG_LWM2M_PEER_PORT=5684
|
|
|
|
# I need room to store certificates
|
|
CONFIG_LWM2M_SECURITY_KEY_SIZE=2048
|
|
|
|
# Select Zephyr mbedtls
|
|
CONFIG_MBEDTLS=y
|
|
CONFIG_MBEDTLS_TLS_VERSION_1_2=y
|
|
|
|
# Special MbedTLS changes
|
|
CONFIG_MBEDTLS_ENABLE_HEAP=y
|
|
CONFIG_MBEDTLS_HEAP_SIZE=32768
|
|
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=1500
|
|
CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
|
|
|
|
# Disable RSA, use only ECC certificates
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=n
|
|
# Enable PSK and ECDHE_ECDSA
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED=y
|
|
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=y
|
|
# We only need prime256v1 curve
|
|
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
|
|
CONFIG_MBEDTLS_ECDH_C=y
|
|
CONFIG_MBEDTLS_ECDSA_C=y
|
|
CONFIG_MBEDTLS_ECP_C=y
|
|
CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
|
|
CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
|
|
# Optional: we could use just binary DER certificates
|
|
CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
|
|
|
|
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
|
|
CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=4
|
|
CONFIG_NET_SOCKETS_ENABLE_DTLS=y
|
|
|
|
# MbedTLS needs a larger stack
|
|
CONFIG_MAIN_STACK_SIZE=2048
|
|
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048
|