CONFIG_MBEDTLS_SSL_DTLS_HELLO_VERIFY

Enable support for HellyVerifyRequiest on DTLS servers

Type: bool

Help

Enable this to ensure DTLS servers can't be used in certain DoS
attacks.

Direct dependencies

MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_TLS_LIBRARY && NRF_SECURITY

(Includes any dependencies from ifs and menus.)

Default

  • y

Kconfig definition

At <nrfxlib>/nrf_security/Kconfig.tls:158

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:33<Zephyr>/modules/Kconfig:6<nRF>/doc/_build/kconfig/Kconfig.modules:92<nrfxlib>/Kconfig.nrfxlib:13<nrfxlib>/nrf_security/Kconfig:105

Menu path: (Top) → Modules → nrfxlib (/home/runner/work/sdk-nrf/sdk-nrf/ncs/nrfxlib) → Nordic nrfxlib → nrf_security module → Create mbed TLS transport layer security library → Enable support for DTLS

config MBEDTLS_SSL_DTLS_HELLO_VERIFY
    bool "Enable support for HellyVerifyRequiest on DTLS servers"
    default y
    depends on MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_TLS_LIBRARY && NRF_SECURITY
    help
      Enable this to ensure DTLS servers can't be used in certain DoS
      attacks.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)