overlay-native_tls.conf

# To build serial LTE modem native TLS socket support
# add the following to your west build command:
#       -DOVERLAY_CONFIG=overlay-native_tls.conf
#

# TLS configuration
CONFIG_SLM_NATIVE_TLS=y
CONFIG_MODEM_KEY_MGMT=y
CONFIG_NORDIC_SECURITY_BACKEND=y
CONFIG_NET_SOCKETS_OFFLOAD_TLS=n
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=2
CONFIG_NET_SOCKETS_TLS_SET_MAX_FRAGMENT_LENGTH=y
# Increase extra FD entry for TLS contexts(2)
CONFIG_POSIX_MAX_FDS=10
# Enable Socket Logging for debug
#CONFIG_NET_LOG=y
#CONFIG_NET_SOCKETS_LOG_LEVEL_DBG=y
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_TLS_LIBRARY=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
# If larger TLS buffer is required for large CA chain,
# increase CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN and
# CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN to 4096
# and CONFIG_MBEDTLS_HEAP_SIZE to 32768
CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=5120
CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
CONFIG_MBEDTLS_HEAP_SIZE=36864
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
#Cipher Suite disable
CONFIG_MBEDTLS_CTR_DRBG_C=n
CONFIG_MBEDTLS_CHACHA20_C=n
CONFIG_MBEDTLS_POLY1305_C=n
CONFIG_MBEDTLS_SHA1_C=n
CONFIG_MBEDTLS_DHM_C=n
CONFIG_MBEDTLS_CMAC_C=n
CONFIG_MBEDTLS_CIPHER_MODE_CTR=n
CONFIG_MBEDTLS_CIPHER_MODE_CFB=n
CONFIG_MBEDTLS_CIPHER_MODE_OFB=n
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED=n
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED=n
#Cipher Suite enable
CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=y
CONFIG_MBEDTLS_SHA512_C=y
CONFIG_MBEDTLS_ECDH_C=y
CONFIG_MBEDTLS_SSL_SRV_C=y
CONFIG_MBEDTLS_AES_C=y
CONFIG_MBEDTLS_CCM_C=y
CONFIG_MBEDTLS_PKCS1_V15=y