net: Override some nRF Security defaults for networking

rlubos · NordicBuilder · commit 60f158a6befa · 2026-05-04T07:11:35.000Z
* Reduce MBEDTLS_SSL_OUT_CONTENT_LEN / MBEDTLS_SSL_IN_CONTENT_LEN in
  case NET_TEST symbol (enabled in most of the networking tests) is
  enabled. Otherwise, the default is 16k for both, which would require
  larger heap sizes (and thus noup patches)
* PSA_WANT_GENERATE_RANDOM is required for DTLS cookie generation, the
  symbol is NCS-specific, therefore cannot be added to the configuration
  file w/o a noup patch. As DTLS won't work w/o this config enabled
  anyway, make sure it's always enabled with DTLS sockets.

Signed-off-by: Robert Lubos &lt;robert.lubos@nordicsemi.no&gt;
diff --git a/subsys/net/Kconfig b/subsys/net/Kconfig
@@ -9,5 +9,6 @@ rsource "lib/Kconfig"
 rsource "openthread/Kconfig"
 rsource "l2_wifi_if_conn/Kconfig"
 rsource "l2_dect/Kconfig"
+rsource "Kconfig.defconfig"
 
 endmenu
diff --git a/subsys/net/Kconfig.defconfig b/subsys/net/Kconfig.defconfig
@@ -0,0 +1,13 @@
+# Copyright (c) 2026 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# Default configurations for networking subsystem in NCS
+
+if NETWORKING
+
+config NET_SOCKETS_ENABLE_DTLS
+	select PSA_WANT_GENERATE_RANDOM if NRF_SECURITY
+
+endif # NETWORKING
diff --git a/subsys/nrf_security/Kconfig.tls b/subsys/nrf_security/Kconfig.tls
@@ -305,13 +305,15 @@ config MBEDTLS_SSL_OUT_CONTENT_LEN
 	prompt "Max length for TLS outgoing fragments"
 	range 0 16384
 	default 900 if OPENTHREAD_NRF_SECURITY || OPENTHREAD_NRF_SECURITY_PSA
+	default 2048 if NET_TEST
 	default 16384
 
 config MBEDTLS_SSL_IN_CONTENT_LEN
 	prompt "Max length for TLS outgoing fragments"
 	int
 	range 0 16384
 	default 900 if OPENTHREAD_NRF_SECURITY || OPENTHREAD_NRF_SECURITY_PSA
+	default 2048 if NET_TEST
 	default 16384
 
 
