New menu option to minimize BSSL ROM with only RSA (#6006)

* New menu option to minimize BSSL ROM with only RSA Adds a menu option and define to limit BearSSL to older RSA connection options. This saves ~45K program memory and can speed up connections since EC, while more secure, is significantly slower on the chip. The supported ciphers are identical to the ones that axTLS supported. Fixes #6005 * Add default SSLFLAGS(blank) to platform.txt * Fix unused variable warning * Add clarifying comment to menu items
2025-04-21 10:26:06 +03:00 · 2019-04-25 11:13:26 -07:00 · 2019-04-25 11:13:26 -07:00 · d9b0480f09
commit d9b0480f09
parent 72c21feff6
5 changed files with 173 additions and 4 deletions
--- a/boards.txt
+++ b/boards.txt
@ -21,6 +21,7 @@ menu.exception=Exceptions
 menu.led=Builtin Led
 menu.wipe=Erase Flash
 menu.sdk=Espressif FW
 menu.ssl=SSL Support
 ##############################################################
 generic.name=Generic ESP8266 Module
@ -53,6 +54,10 @@ generic.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 generic.menu.exception.enabled=Enabled
 generic.menu.exception.enabled.build.exception_flags=-fexceptions
 generic.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 generic.menu.ssl.all=All SSL ciphers (most compatible)
 generic.menu.ssl.all.build.sslflags=
 generic.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 generic.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 generic.menu.ResetMethod.ck=ck
 generic.menu.ResetMethod.ck.upload.resetmethod=ck
 generic.menu.ResetMethod.nodemcu=nodemcu
@ -499,6 +504,10 @@ esp8285.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 esp8285.menu.exception.enabled=Enabled
 esp8285.menu.exception.enabled.build.exception_flags=-fexceptions
 esp8285.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 esp8285.menu.ssl.all=All SSL ciphers (most compatible)
 esp8285.menu.ssl.all.build.sslflags=
 esp8285.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 esp8285.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 esp8285.menu.ResetMethod.ck=ck
 esp8285.menu.ResetMethod.ck.upload.resetmethod=ck
 esp8285.menu.ResetMethod.nodemcu=nodemcu
@ -774,6 +783,10 @@ espduino.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 espduino.menu.exception.enabled=Enabled
 espduino.menu.exception.enabled.build.exception_flags=-fexceptions
 espduino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 espduino.menu.ssl.all=All SSL ciphers (most compatible)
 espduino.menu.ssl.all.build.sslflags=
 espduino.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 espduino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 espduino.build.flash_mode=dio
 espduino.build.flash_flags=-DFLASHMODE_DIO
 espduino.build.flash_freq=40
@ -957,6 +970,10 @@ huzzah.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 huzzah.menu.exception.enabled=Enabled
 huzzah.menu.exception.enabled.build.exception_flags=-fexceptions
 huzzah.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 huzzah.menu.ssl.all=All SSL ciphers (most compatible)
 huzzah.menu.ssl.all.build.sslflags=
 huzzah.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 huzzah.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 huzzah.upload.resetmethod=nodemcu
 huzzah.build.flash_mode=qio
 huzzah.build.flash_flags=-DFLASHMODE_QIO
@ -1141,6 +1158,10 @@ inventone.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 inventone.menu.exception.enabled=Enabled
 inventone.menu.exception.enabled.build.exception_flags=-fexceptions
 inventone.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 inventone.menu.ssl.all=All SSL ciphers (most compatible)
 inventone.menu.ssl.all.build.sslflags=
 inventone.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 inventone.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 inventone.upload.resetmethod=nodemcu
 inventone.build.flash_mode=dio
 inventone.build.flash_flags=-DFLASHMODE_DIO
@ -1325,6 +1346,10 @@ cw01.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 cw01.menu.exception.enabled=Enabled
 cw01.menu.exception.enabled.build.exception_flags=-fexceptions
 cw01.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 cw01.menu.ssl.all=All SSL ciphers (most compatible)
 cw01.menu.ssl.all.build.sslflags=
 cw01.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 cw01.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 cw01.upload.resetmethod=nodemcu
 cw01.menu.CrystalFreq.26=26 MHz
 cw01.menu.CrystalFreq.40=40 MHz
@ -1512,6 +1537,10 @@ espresso_lite_v1.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 espresso_lite_v1.menu.exception.enabled=Enabled
 espresso_lite_v1.menu.exception.enabled.build.exception_flags=-fexceptions
 espresso_lite_v1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 espresso_lite_v1.menu.ssl.all=All SSL ciphers (most compatible)
 espresso_lite_v1.menu.ssl.all.build.sslflags=
 espresso_lite_v1.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 espresso_lite_v1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 espresso_lite_v1.build.flash_mode=dio
 espresso_lite_v1.build.flash_flags=-DFLASHMODE_DIO
 espresso_lite_v1.build.flash_freq=40
@ -1699,6 +1728,10 @@ espresso_lite_v2.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 espresso_lite_v2.menu.exception.enabled=Enabled
 espresso_lite_v2.menu.exception.enabled.build.exception_flags=-fexceptions
 espresso_lite_v2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 espresso_lite_v2.menu.ssl.all=All SSL ciphers (most compatible)
 espresso_lite_v2.menu.ssl.all.build.sslflags=
 espresso_lite_v2.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 espresso_lite_v2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 espresso_lite_v2.build.flash_mode=dio
 espresso_lite_v2.build.flash_flags=-DFLASHMODE_DIO
 espresso_lite_v2.build.flash_freq=40
@ -1886,6 +1919,10 @@ phoenix_v1.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 phoenix_v1.menu.exception.enabled=Enabled
 phoenix_v1.menu.exception.enabled.build.exception_flags=-fexceptions
 phoenix_v1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 phoenix_v1.menu.ssl.all=All SSL ciphers (most compatible)
 phoenix_v1.menu.ssl.all.build.sslflags=
 phoenix_v1.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 phoenix_v1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 phoenix_v1.build.flash_mode=dio
 phoenix_v1.build.flash_flags=-DFLASHMODE_DIO
 phoenix_v1.build.flash_freq=40
@ -2073,6 +2110,10 @@ phoenix_v2.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 phoenix_v2.menu.exception.enabled=Enabled
 phoenix_v2.menu.exception.enabled.build.exception_flags=-fexceptions
 phoenix_v2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 phoenix_v2.menu.ssl.all=All SSL ciphers (most compatible)
 phoenix_v2.menu.ssl.all.build.sslflags=
 phoenix_v2.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 phoenix_v2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 phoenix_v2.build.flash_mode=dio
 phoenix_v2.build.flash_flags=-DFLASHMODE_DIO
 phoenix_v2.build.flash_freq=40
@ -2260,6 +2301,10 @@ nodemcu.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 nodemcu.menu.exception.enabled=Enabled
 nodemcu.menu.exception.enabled.build.exception_flags=-fexceptions
 nodemcu.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 nodemcu.menu.ssl.all=All SSL ciphers (most compatible)
 nodemcu.menu.ssl.all.build.sslflags=
 nodemcu.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 nodemcu.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 nodemcu.upload.resetmethod=nodemcu
 nodemcu.build.flash_mode=qio
 nodemcu.build.flash_flags=-DFLASHMODE_QIO
@ -2444,6 +2489,10 @@ nodemcuv2.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 nodemcuv2.menu.exception.enabled=Enabled
 nodemcuv2.menu.exception.enabled.build.exception_flags=-fexceptions
 nodemcuv2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 nodemcuv2.menu.ssl.all=All SSL ciphers (most compatible)
 nodemcuv2.menu.ssl.all.build.sslflags=
 nodemcuv2.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 nodemcuv2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 nodemcuv2.upload.resetmethod=nodemcu
 nodemcuv2.build.flash_mode=dio
 nodemcuv2.build.flash_flags=-DFLASHMODE_DIO
@ -2628,6 +2677,10 @@ modwifi.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 modwifi.menu.exception.enabled=Enabled
 modwifi.menu.exception.enabled.build.exception_flags=-fexceptions
 modwifi.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 modwifi.menu.ssl.all=All SSL ciphers (most compatible)
 modwifi.menu.ssl.all.build.sslflags=
 modwifi.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 modwifi.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 modwifi.upload.resetmethod=ck
 modwifi.build.flash_mode=qio
 modwifi.build.flash_flags=-DFLASHMODE_QIO
@ -2822,6 +2875,10 @@ thing.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 thing.menu.exception.enabled=Enabled
 thing.menu.exception.enabled.build.exception_flags=-fexceptions
 thing.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 thing.menu.ssl.all=All SSL ciphers (most compatible)
 thing.menu.ssl.all.build.sslflags=
 thing.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 thing.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 thing.upload.resetmethod=ck
 thing.build.flash_mode=qio
 thing.build.flash_flags=-DFLASHMODE_QIO
@ -3006,6 +3063,10 @@ thingdev.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 thingdev.menu.exception.enabled=Enabled
 thingdev.menu.exception.enabled.build.exception_flags=-fexceptions
 thingdev.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 thingdev.menu.ssl.all=All SSL ciphers (most compatible)
 thingdev.menu.ssl.all.build.sslflags=
 thingdev.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 thingdev.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 thingdev.upload.resetmethod=nodemcu
 thingdev.build.flash_mode=dio
 thingdev.build.flash_flags=-DFLASHMODE_DIO
@ -3190,6 +3251,10 @@ esp210.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 esp210.menu.exception.enabled=Enabled
 esp210.menu.exception.enabled.build.exception_flags=-fexceptions
 esp210.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 esp210.menu.ssl.all=All SSL ciphers (most compatible)
 esp210.menu.ssl.all.build.sslflags=
 esp210.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 esp210.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 esp210.upload.resetmethod=ck
 esp210.build.flash_mode=qio
 esp210.build.flash_flags=-DFLASHMODE_QIO
@ -3374,6 +3439,10 @@ d1_mini.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 d1_mini.menu.exception.enabled=Enabled
 d1_mini.menu.exception.enabled.build.exception_flags=-fexceptions
 d1_mini.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 d1_mini.menu.ssl.all=All SSL ciphers (most compatible)
 d1_mini.menu.ssl.all.build.sslflags=
 d1_mini.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 d1_mini.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 d1_mini.upload.resetmethod=nodemcu
 d1_mini.build.flash_mode=dio
 d1_mini.build.flash_flags=-DFLASHMODE_DIO
@ -3558,6 +3627,10 @@ d1_mini_pro.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 d1_mini_pro.menu.exception.enabled=Enabled
 d1_mini_pro.menu.exception.enabled.build.exception_flags=-fexceptions
 d1_mini_pro.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 d1_mini_pro.menu.ssl.all=All SSL ciphers (most compatible)
 d1_mini_pro.menu.ssl.all.build.sslflags=
 d1_mini_pro.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 d1_mini_pro.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 d1_mini_pro.upload.resetmethod=nodemcu
 d1_mini_pro.build.flash_mode=dio
 d1_mini_pro.build.flash_flags=-DFLASHMODE_DIO
@ -3725,6 +3798,10 @@ d1_mini_lite.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 d1_mini_lite.menu.exception.enabled=Enabled
 d1_mini_lite.menu.exception.enabled.build.exception_flags=-fexceptions
 d1_mini_lite.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 d1_mini_lite.menu.ssl.all=All SSL ciphers (most compatible)
 d1_mini_lite.menu.ssl.all.build.sslflags=
 d1_mini_lite.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 d1_mini_lite.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 d1_mini_lite.upload.resetmethod=nodemcu
 d1_mini_lite.build.flash_mode=dout
 d1_mini_lite.build.flash_flags=-DFLASHMODE_DOUT
@ -3949,6 +4026,10 @@ d1.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 d1.menu.exception.enabled=Enabled
 d1.menu.exception.enabled.build.exception_flags=-fexceptions
 d1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 d1.menu.ssl.all=All SSL ciphers (most compatible)
 d1.menu.ssl.all.build.sslflags=
 d1.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 d1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 d1.upload.resetmethod=nodemcu
 d1.build.flash_mode=dio
 d1.build.flash_flags=-DFLASHMODE_DIO
@ -4133,6 +4214,10 @@ espino.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 espino.menu.exception.enabled=Enabled
 espino.menu.exception.enabled.build.exception_flags=-fexceptions
 espino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 espino.menu.ssl.all=All SSL ciphers (most compatible)
 espino.menu.ssl.all.build.sslflags=
 espino.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 espino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 espino.menu.ResetMethod.ck=ck
 espino.menu.ResetMethod.ck.upload.resetmethod=ck
 espino.menu.ResetMethod.nodemcu=nodemcu
@ -4320,6 +4405,10 @@ espinotee.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 espinotee.menu.exception.enabled=Enabled
 espinotee.menu.exception.enabled.build.exception_flags=-fexceptions
 espinotee.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 espinotee.menu.ssl.all=All SSL ciphers (most compatible)
 espinotee.menu.ssl.all.build.sslflags=
 espinotee.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 espinotee.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 espinotee.upload.resetmethod=nodemcu
 espinotee.build.flash_mode=qio
 espinotee.build.flash_flags=-DFLASHMODE_QIO
@ -4521,6 +4610,10 @@ wifinfo.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 wifinfo.menu.exception.enabled=Enabled
 wifinfo.menu.exception.enabled.build.exception_flags=-fexceptions
 wifinfo.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 wifinfo.menu.ssl.all=All SSL ciphers (most compatible)
 wifinfo.menu.ssl.all.build.sslflags=
 wifinfo.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 wifinfo.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 wifinfo.upload.resetmethod=nodemcu
 wifinfo.build.flash_mode=qio
 wifinfo.build.flash_flags=-DFLASHMODE_QIO
@ -4760,6 +4853,10 @@ arduino-esp8266.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 arduino-esp8266.menu.exception.enabled=Enabled
 arduino-esp8266.menu.exception.enabled.build.exception_flags=-fexceptions
 arduino-esp8266.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 arduino-esp8266.menu.ssl.all=All SSL ciphers (most compatible)
 arduino-esp8266.menu.ssl.all.build.sslflags=
 arduino-esp8266.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 arduino-esp8266.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 arduino-esp8266.upload.resetmethod=ck
 arduino-esp8266.build.flash_mode=qio
 arduino-esp8266.build.flash_flags=-DFLASHMODE_QIO
@ -4945,6 +5042,10 @@ gen4iod.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 gen4iod.menu.exception.enabled=Enabled
 gen4iod.menu.exception.enabled.build.exception_flags=-fexceptions
 gen4iod.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 gen4iod.menu.ssl.all=All SSL ciphers (most compatible)
 gen4iod.menu.ssl.all.build.sslflags=
 gen4iod.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 gen4iod.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 gen4iod.upload.resetmethod=nodemcu
 gen4iod.build.flash_mode=dio
 gen4iod.build.flash_flags=-DFLASHMODE_DIO
@ -5130,6 +5231,10 @@ oak.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 oak.menu.exception.enabled=Enabled
 oak.menu.exception.enabled.build.exception_flags=-fexceptions
 oak.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 oak.menu.ssl.all=All SSL ciphers (most compatible)
 oak.menu.ssl.all.build.sslflags=
 oak.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 oak.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 oak.upload.resetmethod=none
 oak.build.flash_mode=dio
 oak.build.flash_flags=-DFLASHMODE_DIO
@ -5314,6 +5419,10 @@ wifiduino.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 wifiduino.menu.exception.enabled=Enabled
 wifiduino.menu.exception.enabled.build.exception_flags=-fexceptions
 wifiduino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 wifiduino.menu.ssl.all=All SSL ciphers (most compatible)
 wifiduino.menu.ssl.all.build.sslflags=
 wifiduino.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 wifiduino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 wifiduino.upload.resetmethod=nodemcu
 wifiduino.build.flash_mode=dio
 wifiduino.build.flash_flags=-DFLASHMODE_DIO
@ -5498,6 +5607,10 @@ wifi_slot.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 wifi_slot.menu.exception.enabled=Enabled
 wifi_slot.menu.exception.enabled.build.exception_flags=-fexceptions
 wifi_slot.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 wifi_slot.menu.ssl.all=All SSL ciphers (most compatible)
 wifi_slot.menu.ssl.all.build.sslflags=
 wifi_slot.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 wifi_slot.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 wifi_slot.upload.resetmethod=nodemcu
 wifi_slot.menu.FlashFreq.40=40MHz
 wifi_slot.menu.FlashFreq.40.build.flash_freq=40
@ -5782,6 +5895,10 @@ wiolink.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 wiolink.menu.exception.enabled=Enabled
 wiolink.menu.exception.enabled.build.exception_flags=-fexceptions
 wiolink.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 wiolink.menu.ssl.all=All SSL ciphers (most compatible)
 wiolink.menu.ssl.all.build.sslflags=
 wiolink.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 wiolink.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 wiolink.upload.resetmethod=nodemcu
 wiolink.build.flash_mode=qio
 wiolink.build.flash_flags=-DFLASHMODE_QIO
@ -5966,6 +6083,10 @@ espectro.menu.exception.disabled.build.stdcpp_lib=-lstdc++
 espectro.menu.exception.enabled=Enabled
 espectro.menu.exception.enabled.build.exception_flags=-fexceptions
 espectro.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
 espectro.menu.ssl.all=All SSL ciphers (most compatible)
 espectro.menu.ssl.all.build.sslflags=
 espectro.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
 espectro.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
 espectro.upload.resetmethod=nodemcu
 espectro.build.flash_mode=dio
 espectro.build.flash_flags=-DFLASHMODE_DIO
--- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
@ -744,6 +744,7 @@ extern "C" {
   *    strong enough, and AES-256 is 40% more expensive).
   */
  static const uint16_t suites_P[] PROGMEM = {
 #ifndef BEARSSL_SSL_BASIC
    BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
    BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
@ -780,15 +781,18 @@ extern "C" {
    BR_TLS_RSA_WITH_AES_256_CCM,
    BR_TLS_RSA_WITH_AES_128_CCM_8,
    BR_TLS_RSA_WITH_AES_256_CCM_8,
 #endif
    BR_TLS_RSA_WITH_AES_128_CBC_SHA256,
    BR_TLS_RSA_WITH_AES_256_CBC_SHA256,
    BR_TLS_RSA_WITH_AES_128_CBC_SHA,
    BR_TLS_RSA_WITH_AES_256_CBC_SHA,
 #ifndef BEARSSL_SSL_BASIC
    BR_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
    BR_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
    BR_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
    BR_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
    BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 #endif
  };
  // For apps which want to use less secure but faster ciphers, only
@ -826,16 +830,20 @@ extern "C" {
    br_ssl_engine_set_suites(&cc->eng, suites, (sizeof suites) / (sizeof suites[0]));
    br_ssl_client_set_default_rsapub(cc);
    br_ssl_engine_set_default_rsavrfy(&cc->eng);
 #ifndef BEARSSL_SSL_BASIC
    br_ssl_engine_set_default_ecdsa(&cc->eng);
 #endif
    br_ssl_client_install_hashes(&cc->eng);
    br_ssl_engine_set_prf10(&cc->eng, &br_tls10_prf);
    br_ssl_engine_set_prf_sha256(&cc->eng, &br_tls12_sha256_prf);
    br_ssl_engine_set_prf_sha384(&cc->eng, &br_tls12_sha384_prf);
    br_ssl_engine_set_default_aes_cbc(&cc->eng);
 #ifndef BEARSSL_SSL_BASIC
    br_ssl_engine_set_default_aes_gcm(&cc->eng);
    br_ssl_engine_set_default_aes_ccm(&cc->eng);
    br_ssl_engine_set_default_des_cbc(&cc->eng);
    br_ssl_engine_set_default_chapol(&cc->eng);
 #endif
  }
 }
@ -882,7 +890,14 @@ bool WiFiClientSecure::_installClientX509Validator() {
    if (_knownkey->isRSA()) {
      br_x509_knownkey_init_rsa(_x509_knownkey.get(), _knownkey->getRSA(), _knownkey_usages);
    } else if (_knownkey->isEC()) {
 #ifndef BEARSSL_SSL_BASIC
      br_x509_knownkey_init_ec(_x509_knownkey.get(), _knownkey->getEC(), _knownkey_usages);
 #else
      (void) _knownkey;
      (void) _knownkey_usages;
      DEBUG_BSSL("_installClientX509Validator: Attempting to use EC keys in minimal cipher mode (no EC)\n");
      return false;
 #endif
    }
    br_ssl_engine_set_x509(_eng, &_x509_knownkey->vtable);
  } else {
@ -894,7 +909,9 @@ bool WiFiClientSecure::_installClientX509Validator() {
    }
    br_x509_minimal_init(_x509_minimal.get(), &br_sha256_vtable, _ta ? _ta->getTrustAnchors() : nullptr, _ta ? _ta->getCount() : 0);
    br_x509_minimal_set_rsa(_x509_minimal.get(), br_ssl_engine_get_rsavrfy(_eng));
 #ifndef BEARSSL_SSL_BASIC
    br_x509_minimal_set_ecdsa(_x509_minimal.get(), br_ssl_engine_get_ec(_eng), br_ssl_engine_get_ecdsa(_eng));
 #endif
    br_x509_minimal_install_hashes(_x509_minimal.get());
    if (_now) {
      // Magic constants convert to x509 times
@ -953,9 +970,15 @@ bool WiFiClientSecure::_connectSSL(const char* hostName) {
    br_ssl_client_set_single_rsa(_sc.get(), _chain ? _chain->getX509Certs() : nullptr, _chain ? _chain->getCount() : 0,
                                 _sk->getRSA(), br_rsa_pkcs1_sign_get_default());
  } else if (_sk && _sk->isEC()) {
 #ifndef BEARSSL_SSL_BASIC
    br_ssl_client_set_single_ec(_sc.get(), _chain ? _chain->getX509Certs() : nullptr, _chain ? _chain->getCount() : 0,
                                _sk->getEC(), _allowed_usages,
                                _cert_issuer_key_type, br_ec_get_default(), br_ecdsa_sign_asn1_get_default());
 #else
    _freeSSL();
    DEBUG_BSSL("_connectSSL: Attempting to use EC cert in minimal cipher mode (no EC)\n");
    return false;
 #endif
  }
  // Restore session from the storage spot, if present
@ -997,9 +1020,13 @@ bool WiFiClientSecure::_installServerX509Validator(const X509List *client_CA_ta)
    }
    br_x509_minimal_init(_x509_minimal.get(), &br_sha256_vtable, _ta->getTrustAnchors(), _ta->getCount());
    br_ssl_engine_set_default_rsavrfy(_eng);
 #ifndef BEARSSL_SSL_BASIC
    br_ssl_engine_set_default_ecdsa(_eng);
 #endif
    br_x509_minimal_set_rsa(_x509_minimal.get(), br_ssl_engine_get_rsavrfy(_eng));
 #ifndef BEARSSL_SSL_BASIC
    br_x509_minimal_set_ecdsa(_x509_minimal.get(), br_ssl_engine_get_ec(_eng), br_ssl_engine_get_ecdsa(_eng));
 #endif
    br_x509_minimal_install_hashes(_x509_minimal.get());
    if (_now) {
      // Magic constants convert to x509 times
@ -1048,6 +1075,7 @@ bool WiFiClientSecure::_connectSSLServerRSA(const X509List *chain,
 bool WiFiClientSecure::_connectSSLServerEC(const X509List *chain,
    unsigned cert_issuer_key_type, const PrivateKey *sk,
    const X509List *client_CA_ta) {
 #ifndef BEARSSL_SSL_BASIC
  _freeSSL();
  _oom_err = false;
  _sc_svr = std::make_shared<br_ssl_server_context>();
@ -1076,6 +1104,14 @@ bool WiFiClientSecure::_connectSSLServerEC(const X509List *chain,
  }
  return _wait_for_handshake();
 #else
  (void) chain;
  (void) cert_issuer_key_type;
  (void) sk;
  (void) client_CA_ta;
  DEBUG_BSSL("_connectSSLServerEC: Attempting to use EC cert in minimal cipher mode (no EC)\n");
  return false;
 #endif
 }
 // Returns an error ID and possibly a string (if dest != null) of the last
--- a/platform.txt
+++ b/platform.txt
@ -30,6 +30,8 @@ build.lwip_flags=-DLWIP_OPEN_SRC
 build.vtable_flags=-DVTABLES_IN_FLASH
 build.sslflags=
 build.exception_flags=-fno-exceptions
 build.stdcpp_lib=-lstdc++
@ -44,7 +46,7 @@ compiler.libc.path={runtime.platform.path}/tools/sdk/libc/xtensa-lx106-elf
 compiler.cpreprocessor.flags=-D__ets__ -DICACHE_FLASH -U__STRICT_ANSI__ "-I{compiler.sdk.path}/include" "-I{compiler.sdk.path}/{build.lwip_include}" "-I{compiler.libc.path}/include" "-I{build.path}/core"
 compiler.c.cmd=xtensa-lx106-elf-gcc
-compiler.c.flags=-c {compiler.warning_flags} -Os -g -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mtext-section-literals -falign-functions=4 -MMD -std=gnu99 -ffunction-sections -fdata-sections {build.exception_flags}
+compiler.c.flags=-c {compiler.warning_flags} -Os -g -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mtext-section-literals -falign-functions=4 -MMD -std=gnu99 -ffunction-sections -fdata-sections {build.exception_flags} {build.sslflags}
 compiler.S.cmd=xtensa-lx106-elf-gcc
 compiler.S.flags=-c -g -x assembler-with-cpp -MMD -mlongcalls
@ -55,7 +57,7 @@ compiler.c.elf.cmd=xtensa-lx106-elf-gcc
 compiler.c.elf.libs=-lhal -lphy -lpp -lnet80211 {build.lwip_lib} -lwpa -lcrypto -lmain -lwps -lbearssl -laxtls -lespnow -lsmartconfig -lairkiss -lwpa2 {build.stdcpp_lib} -lm -lc -lgcc
 compiler.cpp.cmd=xtensa-lx106-elf-g++
-compiler.cpp.flags=-c {compiler.warning_flags} -Os -g -mlongcalls -mtext-section-literals -fno-rtti -falign-functions=4 -std=c++11 -MMD -ffunction-sections -fdata-sections {build.exception_flags}
+compiler.cpp.flags=-c {compiler.warning_flags} -Os -g -mlongcalls -mtext-section-literals -fno-rtti -falign-functions=4 -std=c++11 -MMD -ffunction-sections -fdata-sections {build.exception_flags} {build.sslflags}
 compiler.as.cmd=xtensa-lx106-elf-as
--- a/tools/boards.txt.py
+++ b/tools/boards.txt.py
@ -1074,6 +1074,15 @@ macros = {
        ( '.menu.wipe.all.upload.erase_cmd', 'erase_flash' ),
        ]),
    ######################## SSL supported protocols
    'ssl_cipher_menu': collections.OrderedDict([
        ( '.menu.ssl.all', 'All SSL ciphers (most compatible)' ),
        ( '.menu.ssl.all.build.sslflags', ''),
        ( '.menu.ssl.basic', 'Basic SSL ciphers (lower ROM use)' ),
        ( '.menu.ssl.basic.build.sslflags', '-DBEARSSL_SSL_BASIC'),
        ]),
    }
 ################################################################
@ -1384,6 +1393,7 @@ def all_boards ():
    print('menu.led=Builtin Led')
    print('menu.wipe=Erase Flash')
    print('menu.sdk=Espressif FW')
    print('menu.ssl=SSL Support')
    print('')
    for id in boards:
@ -1397,7 +1407,7 @@ def all_boards ():
                print(id + optname + '=' + board['opts'][optname])
        # macros
-        macrolist = [ 'defaults', 'cpufreq_menu', 'vtable_menu', 'exception_menu' ]
+        macrolist = [ 'defaults', 'cpufreq_menu', 'vtable_menu', 'exception_menu', 'ssl_cipher_menu' ]
        if 'macro' in board:
            macrolist += board['macro']
        if lwip == 2: