Add SSL_CIPHERSUITES config option
This commit is contained in:
parent
791684c058
commit
dfc7df0bec
3 changed files with 27 additions and 0 deletions
|
@ -20,6 +20,8 @@ Features
|
|||
* Optimize for RAM usage in example config.h for NSA Suite B profile.
|
||||
* Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites
|
||||
from the default list (inactive by default).
|
||||
* Add SSL_CIPHERSUITES config.h flag to allow specifying a list of
|
||||
ciphersuites to use and save some memory if the list is small.
|
||||
|
||||
Changes
|
||||
* Add LINK_WITH_PTHREAD option in CMake for explicit linking that is
|
||||
|
|
|
@ -2155,6 +2155,20 @@
|
|||
//#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
|
||||
//#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
|
||||
|
||||
/**
|
||||
* Complete list of ciphersuites to use, in order of preference.
|
||||
*
|
||||
* \warning No dependency checking is done on that field! This option can only
|
||||
* be used to restrict the set of available ciphersuites. It is your
|
||||
* responsibility to make sure the needed modules are active.
|
||||
*
|
||||
* Use this to save a few hundred bytes of ROM (default ordering of all
|
||||
* available ciphersuites) and a few to a few hundred bytes of RAM.
|
||||
*
|
||||
* The value below is only an example, not the default.
|
||||
*/
|
||||
//#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
|
||||
/* Debug options */
|
||||
//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
|
||||
|
||||
|
|
|
@ -57,6 +57,9 @@
|
|||
*/
|
||||
static const int ciphersuite_preference[] =
|
||||
{
|
||||
#if defined(SSL_CIPHERSUITES)
|
||||
SSL_CIPHERSUITES,
|
||||
#else
|
||||
/* All AES-256 ephemeral suites */
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
|
@ -257,6 +260,7 @@ static const int ciphersuite_preference[] =
|
|||
TLS_PSK_WITH_NULL_SHA256,
|
||||
TLS_PSK_WITH_NULL_SHA,
|
||||
|
||||
#endif
|
||||
0
|
||||
};
|
||||
|
||||
|
@ -1675,6 +1679,12 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
{ 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
|
||||
};
|
||||
|
||||
#if defined(SSL_CIPHERSUITES)
|
||||
const int *ssl_list_ciphersuites( void )
|
||||
{
|
||||
return( ciphersuite_preference );
|
||||
}
|
||||
#else
|
||||
#define MAX_CIPHERSUITES sizeof( ciphersuite_definitions ) / \
|
||||
sizeof( ciphersuite_definitions[0] )
|
||||
static int supported_ciphersuites[MAX_CIPHERSUITES];
|
||||
|
@ -1711,6 +1721,7 @@ const int *ssl_list_ciphersuites( void )
|
|||
|
||||
return( supported_ciphersuites );
|
||||
};
|
||||
#endif /* SSL_CIPHERSUITES */
|
||||
|
||||
const ssl_ciphersuite_t *ssl_ciphersuite_from_string(
|
||||
const char *ciphersuite_name )
|
||||
|
|
Loading…
Reference in a new issue