https://devzone.nordicsemi.com/f/nordic-q-a/107704/enabling-ciphersuites-on-nrf-connect-sdkHi, I am trying to enable the below cipher suite, but I am not sure what configurations are needed to do so: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 The reason for this is that I keep receiving a MBEDTLS error 0x7780 when attempting a post toen-USTelligent Community 13Thu, 25 Jan 2024 13:11:58 GMThttps://devzone.nordicsemi.com/thread/466010?ContentTypeID=1Thu, 25 Jan 2024 13:11:58 GMT137ad170-7792-4731-bb38-c0d22fbe4515:f324e36f-a31d-44b0-8a8a-ce3c2d8cdbf1Hieu<p>Hi Aman,</p> <p>For TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,<span>&nbsp;</span>you will need to set the&nbsp;<a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.5.1/kconfig/index.html#CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED">CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED</a>.</p> <p>To set CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED, you will need to satisfy its dependencies. If you trace back all of its dependency, it will boil down to:</p> <p>CONFIG_MBEDTLS_GCM_C&nbsp;||&nbsp;CONFIG_PSA_WANT_ALG_GCM<br />CONFIG_MBEDTLS_ECDH_C&nbsp;||&nbsp;CONFIG_PSA_WANT_ALG_ECDH<br />CONFIG_MBEDTLS_ECDSA_C&nbsp;||&nbsp;CONFIG_PSA_WANT_ALG_ECDSA</p> <p>The MBEDTLS_ line of configs&nbsp;is<span>&nbsp;</span>legacy. We recommend enabling the PSA_ configs instead.</p> <p>For clues on which&nbsp;Kconfig needs to be set for a particular cipher suite, please refer to the&nbsp;generated Mbed TLS config file&nbsp;at&nbsp;<em>&lt;SDK root&gt;\modules\crypto\mbedtls\include\mbedtls\mbedtls_config.h</em>. <br />Here is the same file used in NCS v2.5.0 on GitHub:&nbsp;<a href="https://github.com/nrfconnect/sdk-mbedtls/blob/v3.3.0-ncs2/include/mbedtls/mbedtls_config.h">sdk-mbedtls/include/mbedtls/mbedtls_config.h at v3.3.0-ncs2 · nrfconnect/sdk-mbedtls · GitHub</a>.</p> <p>Regards,</p> <p>Hieu</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/465882?ContentTypeID=1Wed, 24 Jan 2024 21:23:54 GMT137ad170-7792-4731-bb38-c0d22fbe4515:723bc940-c797-4ad5-8cd8-1b20c17e3563Hieu<p>Hi Aman,</p> <p>As a general solution, you&nbsp;should be able to use&nbsp;<a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.5.1/kconfig/index.html#CONFIG_MBEDTLS_KEY_EXCHANGE_ALL_ENABLED">CONFIG_MBEDTLS_KEY_EXCHANGE_ALL_ENABLED</a>&nbsp;and get enable supports for all cipher suites available in the SDK.</p> <p>However, that can result in wasted memory use. It can be better to&nbsp;enable only&nbsp;a specific cipher suite or a specific group of suites.&nbsp;I am investigating this direction and will follow up with details shortly.</p> <p>Regards,</p> <p>Hieu</p><div style="clear:both;"></div>