zephyr/tests/net/socket/tls_configurations/prj.conf

# Kernel options
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_POSIX_API=y
CONFIG_HEAP_MEM_POOL_SIZE=2048

# Generic networking options
CONFIG_NETWORKING=y

# Socket
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y

# Disable native ethernet driver (using native sockets instead)
CONFIG_ETH_NATIVE_POSIX=n

# Use native sockets
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_OFFLOAD=y
CONFIG_NET_DRIVERS=y
CONFIG_NET_NATIVE_OFFLOADED_SOCKETS=y

# Mbed TLS configuration
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_BUILTIN=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=60000
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=2048
CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
# Build the PSA Crypto core so that the TLS stack uses the PSA crypto API.
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG=y
CONFIG_ENTROPY_GENERATOR=y

# Disable some Kconfigs that are implied by CONFIG_NET_SOCKETS_SOCKOPT_TLS.
# These are not wrong in general, but specific to a certain case (TLS 1.2 + RSA
# key exchange/certificate + AES encryption). What we want here instead is to
# have a basic configuration in this "prj.conf" file and then add algorithm
# support in overlay files.
CONFIG_MBEDTLS_TLS_VERSION_1_2=n
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=n
CONFIG_MBEDTLS_CIPHER_AES_ENABLED=n
CONFIG_PSA_WANT_KEY_TYPE_AES=n
CONFIG_PSA_WANT_ALG_CBC_NO_PADDING=n

# Logging
CONFIG_LOG=y
CONFIG_PRINTK=y

# Debug log options (optional)
# CONFIG_NET_LOG=y
# CONFIG_MBEDTLS_LOG_LEVEL_DBG=y
# CONFIG_MBEDTLS_DEBUG=y