Overview

This documentation describes NanoSSL – its features, important design considerations, and guidance for application programmers incorporating NanoSSL into their devices’ C/C++ application source code.

APIs

NanoSSL is implemented by the following ANSI C APIs:

Common code base: Functions common to all TrustCore SDK components; defined in ${MSS_SRC_PKG}/src/common/mocana.h.
Certificate management: Functions for authentication; defined in ${MSS_SRC_PKG}/src/crypto/ca_mgmt.h.
Common SSL code base: Functions common to all NanoSSL clients, both synchronous and asynchronous; defined in ${MSS_SRC_PKG}/src/ssl/ssl.h.
Synchronous client: Functions to implement synchronous communication between NanoSSL client and an SSL server; defined in ${MSS_SRC_PKG}/src/ssl/ssl.h.
Asynchronous client: Functions to implement asynchronous communication between a NanoSSL client and an SSL server; defined in ${MSS_SRC_PKG}/src/ssl/ssl.h.
Synchronous server: Functions to implement synchronous communication between a NanoSSL server and an SSL client; defined in ${MSS_SRC_PKG}/src/ssl/ssl.h.
Asynchronous server: Functions to implement asynchronous communication between a NanoSSL server and an SSL client; defined in ${MSS_SRC_PKG}/src/ssl/ssl.h.

Compilation flags

This table lists the NanoSSL compilation flags. There is only one required flag for the client and one required flag for the server. The remaining NanoSSL flags are optional for the basic synchronous NanoSSL client or server.

For a complete list of compilation flags and their descriptions, refer to the NanoSSL API Reference.

Flag	Description
`__ENABLE_MOCANA_SSL_CLIENT__`	Enables TrustCore SDK SSL synchronous client code. Required for NanoSSL client.
`__ENABLE_MOCANA_SSL_SERVER__`	Enables TrustCore SDK SSL synchronous server code. Required for NanoSSL server.
`__DISABLE_MOCANA_SSL_COMMON_NAME_CHECK__`	Disables common name validation during SSL handshaking. Not recommended.
`__DISABLE_SSL_GET_SOCKET_API__`	Disables function that retrieves an original socket ID for a connection instance.
`__DISABLE_SSL_IOCTL_API__`	Disables the IOCTL function, which sets the version number (SSLv3 or TLS v1.0) to use for connection.
`__DISABLE_SSL_IS_SESSION_API__`	Disables function that verifies whether a given connection instance is for a given SSL session.
`__DISABLE_SSL_SESSION_FLAGS_API__`	Disables functions that set SSL flags (inssl.h).
`__ENABLE_MOCANA_DER_CONVERSION__`	Enables DER file support. Allows reading public and private key data from an OpenSSL DER file.
`__ENABLE_MOCANA_EXTRACT_CERT_BLOB__`	Enables bit (raw data) access to a certificate's subject or issuer data.
`__ENABLE_MOCANA_MULTIPLE_COMMON_NAMES__`	Enables accessing all a certificate’s common names. If disabled, only the certificate’s first common name is accessible.
`__ENABLE_MOCANA_PEM_CONVERSION__`	Enables code that allows OpenSSH and OpenSSL PEM files to be used.
`__ENABLE_MOCANA_SERIALIZE__`	Enables private key serialization and deserialization.
`__ENABLE_MOCANA_SSL_ALERTS__`	Enables SSL/TLS alert support. Required for EAP-TLS, EAP-PEAP, EAP-FAST, and EAP-TTLS methods.
`__ENABLE_MOCANA_SSL_ANON_SUPPORT__`	(SSL only) Enables Anonymous Diffie-Hellman cipher suite support.
`__ENABLE_MOCANA_SSL_ASYNC_API_EXTENSIONS__`	Enables copy-less receive buffer processing. This flag must be defined if EAP-TLS is enabled (by defining the `__ENABLE_MOCANA_EAP_TLS__` flag).
`__ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__`	Enables TrustCore SDK SSL asynchronous client. For NanoSSL client only.
`__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__`	Enables TrustCore SDK SSL asynchronous server. For NanoSSL server only.
`__ENABLE_MOCANA_SSL_CIPHER_SUITES_SELECT__`	Enables dynamic cipher suite selection through a user callback in the SSL server.
`__ENABLE_MOCANA_SSL_DH_ANON_SUPPORT__`	Enables SSL Diffie-Hellman Anonymous cipher suite support.
`__ENABLE_MOCANA_SSL_DHE_SUPPORT__`	Enables SSL Diffie-Hellman Ephemeral cipher suite support.
`__ENABLE_MOCANA_SSL_DUAL_MODE_API`	Enables SSL Diffie-Hellman Ephemeral cipher suite support.
`__ENABLE_MOCANA_SSL_ECDH_ANON_SUPPORT__`	Enables SSL Diffie-Hellman Ephemeral cipher suite support.
`__ENABLE_MOCANA_SSL_ECDH_SUPPORT__`	Enables Elliptic Curve Diffie-Hellman cipher suite support in SSL products.
`__ENABLE_MOCANA_SSL_ECDHE_SUPPORT__`	Enables Ephemeral Elliptic Curve Diffie-Hellman cipher suite support in NanoSSL products.
`__ENABLE_MOCANA_TLS12_UNSECURE_HASH__`	Enables support for SHA1 cipher suites in NanoSSL products.
`__ENABLE_MOCANA_SSL_DSA_SUPPORT__` `__ENABLE_MOCANA_DSA__` `__ENABLE_MOCANA_DSA_ALL_KEYSIZE__` `__VERIFY_DSA_KEY_GENERATION__`	Enables support for DSA in NanoSSL products.
`__ENABLE_MOCANA_CCM____ENABLE_MOCANA_CCM_8__`	Enables support for CCM cipher suite in NanoSSL products.
`__ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT__`	Enables SSL mutual authentication; may be set for NanoSSH client or server. This flag must be defined to enable setting the `SSL_FLAG_REQUIRE_MUTUAL_AUTH` runtime flag.
`__ENABLE_MOCANA_SSL_NEW_HANDSHAKE__`	Enables the callback to be activated when a peer that is already successfully performed handshaking asks again.
`__ENABLE_MOCANA_SSL_REHANDSHAKE__`	Enables the SSL re-handshake feature.
`__ENABLE_MOCANA_SSL_SESSION_TICKET_RFC_5077__`	Enables TLS session resumption using session ticket for the NanoSSL Server
`__ENABLE_MOCANA_SSL_PSK_SUPPORT__`	Enables SSL Pre-shared Key support.
`__ENABLE_RFC3576__`	Enables RADIUS extensions for CoA (change of authorization) support.
`__ENABLE_MOCANA_SSL_FIPS__`	Enables the runtime mechanism to enable/disable restrictions to use FIPS-certified ciphers, algorithms, and asymmetric key sizes.
`__ENABLE_MOCANA_DTLS_SRTP__` `__ENABLE_MOCANA_SRTP_PROFILES_SELECT__`	Enables SRTP functionality for NanoSSL products.
`MIN_SSL_MINORVERSION`	Macro to set the default TLS minor version.
`__ENABLE_MOCANA_TLS13__`	Enables the TLS v1.3 protocol.
`__ENABLE_MOCANA_PSK_TLS13__`	Enables the PSK feature for the TLS v1.3 protocol.
`__ENABLE_MOCANA_0RTT_TLS13__`	Enables the 0RTT feature for the TLS v1.3 protocol.
`__ENABLE_MOCANA_SSL_HEARTBEAT_RFC_6520__`	Enables the support for heartbeat message exchange as specified in the RFC 6520
`__ENABLE_MOCANA_TLS13_APPLICATINO_DATA_CALLBACK__`	Enables callbacks for application data in the 0RTT flow.

Functions

This table lists the NanoSSL API functions and shows whether they are used for synchronous and/or asynchronous clients and/or servers.

Function	Client		Server
Function	Sync	Async	Sync	Async
`SSL_ASYNC_acceptConnection`				X
`SSL_ASYNC_closeConnection`		X		X
`SSL_ASYNC_connect`		X
`SSL_ASYNC_getRecvBuffer`		X		X
`SSL_ASYNC_getSendBuffer`		X		X
`SSL_ASYNC_init`		X		X
`SSL_ASYNC_initServer`				X
`SSL_ASYNC_recvMessage`		X		X
`SSL_ASYNC_recvMessage2`		X		X
`SSL_ASYNC_sendMessage`		X		X
`SSL_ASYNC_sendMessagePending`		X		X
`SSL_ASYNC_start`		X
`SSL_acceptConnection`			X
`SSL_closeConnection`	X		X
`SSL_connect`	X
`SSL_enableCiphers`	X	X	X	X
`SSL_getCipherInfo`	X	X	X	X
`SSL_getClientSessionInfo`	X	X
`SSL_setDNSNames`	X	X
`SSL_setServerNameList`	X	X
`SSL_getCookie`	X	X	X	X
`SSL_getInstanceFromSocket`	X	X	X	X
`SSL_getSessionFlags`	X	X	X	X
`SSL_getSessionStatus`	X	X	X	X
`SSL_getSocketId`	X	X	X	X
`SSL_init`	X		X
`SSL_initiateRehandshake`	X	X	X	X
`SSL_ioctl`	X	X	X	X
`SSL_Settings_Ioctl`	X	X	X	X
`SSL_isSessionSSL`	X	X	X	X
`SSL_lookupAlert`	X	X	X	X
`SSL_negotiateConnection`	X		X
`SSL_recv`	X		X
`SSL_recvPending`	X		X
`SSL_releaseTables`	X	X	X	X
`SSL_send`	X		X
`SSL_sendAlert`	X	X	X	X
`SSL_sendPending`	X		X
`SSL_setCookie`	X	X	X	X
`SSL_setSessionFlags`	X	X	X	X
`SSL_shutdownStack`	X	X	X	X
`SSL_setMinRSAKeySize`	X	X	X	X
`SSL_setSha1SigAlg`	X	X	X	X
`SSL_sslSettings`	X	X	X	X
`SSL_setFIPSEnabled`	X	X	X	X
`SSL_populateMutualAuthCertStore`	X	X
`SSL_enableHeartbeatSupport`	X	X	X	X
`SSL_sendHeartbeatMessage`	X	X	X	X

Callback functions

The sslSettings structure contains function pointers for the following callback functions, which are fully documented in the NanoSSL API Reference:

Synchronous/Asynchronous client/server
- funcPtrAlertCallback
- funcPtrAlertHandshakeCallback
- funcPtrSSLHandelTimeout
Synchronous/Asynchronous client
- funcPtrChoosePSK
- funcPtrMutualAuthCertificateVerify
Synchronous/Asynchronous server
- funcPtrGetClientPSK
- funcPtrLookupPSK
- funcPtrVersionCallback
Asynchronous client
- funcPtrClientOpenStateCallback
- funcPtrClientRenewalCallback
- funcPtrClientStartTimer
Asynchronous server
- funcPtrOpenStateCallback
- funcPtrRenewalCallback
- funcPtrStartTimer

Enabling NanoSSL and NanoTLS products and features lists the NanoSSL products and features that may be enabled, the flags required to enable them, and their required callback functions that need to be customized and registered. (Both NanoSSL client and server are listed because they share a common code base.)

Setting variables

This table lists the variables that must be set.

Variable	Description
`sslTimeOutHello`	Timeout to wait for a `Hello` message. The default value is 15000 ms.
`sslTimeOutReceive`	Timeout to wait to receive a handshake message. The default value is 15000 ms.
`maxTimerCountForhandShake`	Timer to initiate a rehandshake.
`maxByteCount`	Number of bytes sent out before initiating a rehandshake.

Enabling NanoSSL and NanoDTLS products and features

This table lists the NanoSSL products and features that may be enabled, the flags required to enable them, and the required callback functions that must be customized and registered. Both NanoSSL client and server are listed because they share a common code base.

Feature	Required Flags	Callback Functions
Synchronous server	`__ENABLE_MOCANA_SSL_SERVER__`	Any desired feature’s callbacks, listed in this table.
Asynchronous server	`__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__`	`funcPtrOpenStateUpcall` `funcPtrReceiveUpcall` `funcPtrStartTimer` Plus any desired feature’s callbacks, listed in this table.
Synchronous client	`__ENABLE_MOCANA_SSL_CLIENT__`	Desired features’ callbacks
Asynchronous client	`__ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__`	`funcPtrClientOpenStateUpcall` `funcPtrClientReceiveUpcall` `funcPtrClientStartTimer` Plus any desired feature’s callbacks, listed in this table.
Dual mode	`__ENABLE_MOCANA_SSL_DUAL_MODE_API__`	Flags and callbacks listed above in this table for enabling synchronous and asynchronous server and/or client, as well as desired features’ callbacks.
Mutual authentication via single certificate	`__ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT__`	(None)
Mutual authentication client CA list	`__ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT__`	SSL_setClientCertAuthorityCallback(sbyte4 connectionInstance,MSTATUS (funcPtrClientCertAuthorityCallback) (sbyte4 connectionInstance, SizedBuffer pCertAuthorities, ubyte4 certAuthorityCount))
PSK support for NanoSSL server	`__ENABLE_MOCANA_SSL_PSK_SUPPORT__` Either `__ENABLE_MOCANA_SSL_SERVER__` or `__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__`	`funcPtrGetHintPSK` `funcPtrLookupPSK`
PSK support for NanoSSL client	`__ENABLE_MOCANA_SSL_PSK_SUPPORT__` Either `__ENABLE_MOCANA_SSL_CLIENT__` or `__ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__`	`funcPtrChoosePSK`
SSL/TLS alerts	`__ENABLE_MOCANA_SSL_ALERTS__`	`funcPtrAlertCallback`
Notification of server re-handshake request	`__ENABLE_MOCANA_SSL_NEW_HANDSHAKE__`	`funcPtrNewHandshakeCallback`
RFC 5746: TLS Renegotiation Indication Extension	`__ENABLE_MOCANA_SSL_REHANDSHAKE__`	`funcPtrClientRehandshakeRequest` (applicable to synchronous and asynchronous variants of both NanoSSL client and NanoSSL server)
RFC 5077: Session Resumption Using Session Ticket for NanoSSL Server	`__ENABLE_MOCANA_SSL_SESSION_TICKET_RFC_5077__`	(None)
RFC 6066 for NanoSSL server	`__ENABLE_RFC6066__` Either `__ENABLE_MOCANA_SSL_SERVER__` or `__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__`	`funcPtrExtensionRequestCallback`
SSLv3 support	Define the `MIN_SSL_MINORVERSION` flag as equal to `SSL3_MINORVERSION`	(None)
Notify on SSL stack timeout and override or reset the timer	None	sbyte4 (funcPtrSSLHandleTimeout) (sbyte4 connectionInstance, ubyte4 msAdjustedTime); SSL_sslSettings().funcPtrSSLHandleTimeout To override the timeout, set the new timeout value in the `*msAdjustedTimevariable`.
Initiate TLS v1.3 KeyUpdate	`__ENABLE_MOCANA_TLS13__`	sbyte4(*funcPtrKeyUpdateRequest)(sbyte4 connectionInstance)
Get signature algorithm used	`__ENABLE_MOCANA_TLS13__`	SSL_getSignatureAlgo (sbyte4 connectionInstance, ubyte2 *pSigAlg)
Initiate post-handshake Authentication	`__ENABLE_MOCANA_TLS13__` Either `__ENABLE_MOCANA_SSL_SERVER__` or `__ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT__`	SSL_sendPosthandshakeAuthCertificateRequest(sbyte4 connectionInstance)
Set maximum Early Data Size for generated PSK	`__ENABLE_MOCANA_TLS13__` `__ENABLE_MOCANA_TLS13_PSK__`	sbyte4 SSL_setMaxEarlyDataSize(sbyte4 connectionInstance, sbyte4 earlyDataSize)
Set receive early data size	`__ENABLE_MOCANA_TLS13__` `__ENABLE_MOCANA_TLS13_PSK__` `__ENABLE_MOCANA_TLS13_0RTT__` `__ENABLE_MOCANA_SSL_SERVER__`	sbyte4 SSL_setRecvEarlyDataSize(sbyte4 connectionInstance, sbyte4 recvEarlyDataSize)
Set application data to be sent as part of 0RTT flow	`__ENABLE_MOCANA_TLS13__` `__ENABLE_MOCANA_TLS13_PSK__` `__ENABLE_MOCANA_TLS13_0RTT__` `__ENABLE_MOCANA_SSL_CLIENT__`	sbyte4 SSL_setEarlyData(sbyte4 connectionInstance, ubyte* pEarlyData, ubyte4 earlyDataSize)
Set callback to receive early data on server	`__ENABLE_MOCANA_TLS13__` `__ENABLE_MOCANA_TLS13_PSK__` `__ENABLE_MOCANA_TLS13_0RTT__` `__ENABLE_MOCANA_SSL_SERVER__`	sbyte4 SSL_setReceiveApplicationDataCallback(sbyte4 (funcPtrTLS13ApplicationDataCallback)(sbyte4 connectionInstance, ubyte pData, ubyte4 dataLen, dataState state))
Deserialize PSK	`__ENABLE_MOCANA_TLS13__` `__ENABLE_MOCANA_TLS13_PSK__`	sbyte4 SSL_deserializePSK(ubyte pPsk, ubyte4 pskLen, tls13PSK *ppRetPsk)
Serialize PSK	`__ENABLE_MOCANA_TLS13__` `__ENABLE_MOCANA_TLS13_PSK__`	sbyte4 SSL_serializePSK(tls13PSK pPsk, ubyte ppPsk, ubyte4 pPskLen)
Set callback to save PSK generated by server	`__ENABLE_MOCANA_TLS13__` `__ENABLE_MOCANA_TLS13_PSK__` `__ENABLE_MOCANA_SSL_SERVER__`	SSL_setServerSavePSKCallback(sbyte4 (cb)(sbyte4 connectionInstance, sbyte ServerInfo, ubyte4 serverInfoLen, ubyte* pIdentityPSK, ubyte4 identityLengthPSK, ubyte* pPsk, ubyte4 pskLen))
Set callback to search PSK	`__ENABLE_MOCANA_TLS13__` `__ENABLE_MOCANA_TLS13_PSK__` `__ENABLE_MOCANA_SSL_SERVER__`	SSL_setServerLookupPSKCallback(sbyte4 (cb)(sbyte4 connectionInstance, ubyte pIdentityPSK, ubyte4 identityLengthPSK, ubyte** ppPsk, ubyte4 pPskLen, intBoolean pFreeMemory))
Set callback to delete PSK	`__ENABLE_MOCANA_TLS13__` `__ENABLE_MOCANA_TLS13_PSK__` `__ENABLE_MOCANA_SSL_SERVER__`	SSL_setServerDeletePSKCallback(sbyte4 (cb)(sbyte4 connectionInstance, sbyte ServerInfo, ubyte4 serverInfoLen, ubyte* pIdentityPSK, ubyte4 identityLengthPSK, ubyte* pPsk))
Set callbacks to enable SRTP feature	`__ENABLE_MOCANA_DTLS_SERVER__` `__ENABLE_MOCANA_DTLS_CLIENT__` `__ENABLE_MOCANA_DTLS_SRTP__` `__ENABLE_MOCANA_SRTP_PROFILES_SELECT__`	sbyte4SSL_setSrtpInitCallback(sbyte4(cb)(sbyte4 connectionInstance, peerDescr pChannelDescr, const SrtpProfileInfo* pProfile, void* keyMaterials, ubyte* mki));sbyte4 SSL_setSrtpEncodeCallback(sbyte4(cb)(sbyte4 connectionInstance, peerDescr pChannelDescr, const sbyte* pData, ubyte4 pDataLength, ubyte** encodedData, ubyte4* encodedLength));
Heartbeat Extension	`__ENABLE_MOCANA_SSL_HEARTBEAT_RFC_6520__`	SSL_enableHeartbeatSupport(sbyte4 connectionInstance, E_HeartbeatExtension value,sbyte4 (*funcPtrHeatbeatMessageCallback)(sbyte4 connectionInstance, sbyte4 status, ubyte heartbeatType));SSL_sendHeartbeatMessage(sbyte4 connectionInstance);

Session-specific callback function

The SSLSocket structure contains function pointers for callback functions that are associated with a session (i.e., each session may set the function pointers to a different function):

Synchronous/asynchronous client/server:
- funcPtrGetCertAndStatusCallback — Set using SSL_setCertAndStatusCallback().
- funcPtrAlpnCallback — Set using SSL_setAlpnCallback().
- funcPtrInvalidCertCallback — Set using:
```
MSTATUS SSL_setInvalidCertCallback(sbyte4 connectionInstance, (MSTATUS (*funcPtrInvalidCertCallback)(sbyte4 connectionInstance, MSTATUS validationstatus));
```
  Note
  This function requires the build flag __ENABLE_MOCANA_SSL_INVALID_CERTIFICATE_CALLBACK__.
  To ignore the certificate error, the callback should return the status >= 0.
Synchronous/asynchronous server:
- funcPtrVersionCallback — Set using SSL_setVersionCallback().
Synchronous/asynchronous client:
- funcPtrVersionCallback — Set using SSL_setVersionCallback().

This table describes the purpose of these function pointers, which are also fully documented in the NanoSSL API Reference.

Function Pointer	Description
`funcPtrGetCertAndStatusCallback`	Provides the application with the certificate used and the SSL stack's validation status. The application may then perform additional checks on the certificate and optionally override the SSL stack's validation. The implementation of this function should return `OK` to indicate that the certificate is valid, irrespective of the SSL stack's status. The application may choose to accept the status proposed by the SSL stack.
`funcPtrAlpnCallback`	Allows the application to negotiate the application-layer protocols, as per RFC-7301.
`funcPtrInvalidCertCallback`	Enables application callback to be notified of an empty certificate (zero length) or invalid certificate received from the client where mutual authentication is enabled.
`funcPtrSSLClientSavePSKCallback`	Mechanism to save the PSKs received from the server.
`funcPtrSSLClientRetrievePSKCallback`	Mechanism to retrieve PSKs to establish a connection with a particular server.
`funcPtrSSLSendApplicationDataCallback`	Allows application to provide early data for 0RTT flow; invoked if `early_data` was not set during `init`.
`funcPtrClientCertCallback`	Allows the application to provide the client certificate, key, and CA for mutual authentication at run time in the server’s client certificate request; invoked only if the default certificate store does not have the certificate.

Session-specific settings

Session settings may be applied using the following methods:

SSL_ioctl
SSL_setSessionFlags

SSL_ioctl flags

This table lists the flags that may be configured to call the SSL_ioctl function.

Flag	Description
`SSL_SET_VERSION`	Sets the minor version of TLS.
`SSL_SET_MINIMUM_VERSION`	Sets the minimum minor version of TLS.
`SSL_SET_SCSV_VERSION`
`SSL_SET_RECV_TIMEOUT`	Sets the receive timeout for asynchronous mode.
`DTLS_SET_HANDSHAKE_RETRANSMISSION_TIMER`	Sets the time for DTLS handshake retransmission.
`DTLS_SET_PMTU`	Sets the MTU for DTLS messages.
`DTLS_USE_SRTP`	Sets the SRTP value for DTLS.
`DTLS_SET_HELLO_VERIFIED`	Enables acknowledgment that the application received the cookie and verified it.
`SSL_GET_CLIENT_RANDOM`	Gets the client’s random number.
`SSL_GET_SERVER_RANDOM`	Gets the server’s random number.
`SSL_REQUEST_SESSION_TICKET`	Configured on the client only to request a session ticket from the server.
`SSL_PSK_KEY_EXCHANGE_MODE`	Sets the PSK key exchange modes on the client.
`SSL_GET_KEY_UPDATE_DATA_TYPE`	Gets the status of the `KeyUpdate` message state.
`SSL_SET_SEND_EARLY_DATA`	Sends `early_data` with the 0RTT flow.
`SSL_GET_MAX_EARLY_DATA`	Gets the maximum number of bytes of early data that may be received by the server.
`SSL_SET_MAX_EARLY_DATA`	Sets the maximum number of bytes of early data that may be received by the server.
`SSL_GET_EARLY_DATA_STATUS`	Gets the status of the early data received.
`SSL_SET_NUM_TICKETS`	Sets the number of tickets that the server may send to a client after a connection has been established.
`SSL_GET_NUM_TICKETS`	Gets the number of tickets that server sends.

SSL_setSession flags

This table lists the session authentication flags for the SSL_setSessionFlags API. For more information about this API, refer to the NanoSSL API Reference.

Flag	Description
`SSL_FLAG_REQUIRE_MUTUAL_AUTH`	Enables mutual authentication.
`SSL_FLAG_NO_MUTUAL_AUTH_REQUEST`	Disables mutual authentication.
`SSL_FLAG_NO_MUTUAL_AUTH_REPLY`	Enables mutual authentication and allows an an empty response from the client to be accepted.
`SSL_FLAG_ENABLE_SEND_EMPTY_FRAME`	Enables sending of an empty frame.
`SSL_FLAG_ENABLE_SEND_BUFFER`	Enables send of a buffer in asynchronous mode.
`SSL_FLAG_ENABLE_RECV_BUFFER`	Enables therecvbuffer in asynchronous mode.
`SSL_FLAG_ENABLE_POST_HANDSHAKE_AUTH`	Enables post-handshake authentication.
`SSL_FLAG_ALLOW_INSECURE_REHANDSHAKE`	Allows legacy renegotiation.

Common TrustCore SDK initialization

Applications should perform the common TrustCore SDK initialization and shutdown work, as shown in the ${MSS_SRC_PKG}/src/examples/mocana_example.c sample module. In particular, make the following function calls and perform the following procedures:

MOCANA_initMocana — Initialize the TrustCore SDK common code base (logging, random number generator, and so on).
MOCANA_initLog — Optionally, register a callback function to the TrustCore SDK logging system.
Create threads for all required TrustCore SDK component servers (e.g., the NanoSec IKE server).
Implement a status-checking loop that runs and sleeps as long as an application running flag is true.
MOCANA_freeMocana — Release memory that was allocated by MOCANA_initMocana.

In this section: