mirror of https://github.com/esp8266/Arduino.git synced 2025-04-21 10:26:06 +03:00
esp8266/ssl/Config.in
cameronrich f8e703ed65 Updated LGPL licenses
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@12 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2006-07-04 21:47:18 +00:00

251 lines
8.3 KiB
Plaintext

#
# For a description of the syntax of this configuration file,
# see scripts/config/Kconfig-language.txt
#
menu "SSL Library"
choice
    prompt "Mode"
    default CONFIG_SSL_FULL_MODE
config CONFIG_SSL_SERVER_ONLY
    bool "Server only - no verification"
    help
        Enable server functionality (no client functionality).
        This mode still supports sessions and chaining (which can be turned
        off in configuration).
        The axssl sample runs with the minimum of features.
        This is the most space efficient of the modes with the library
        about 45kB in size. Use this mode if you are doing standard SSL server
        work.
config CONFIG_SSL_CERT_VERIFICATION
    bool "Server only - with verification"
    help
        Enable server functionality with client authentication (no client
        functionality).
        The axssl sample runs with the "-verify" and "-CAfile" options.
        This mode produces a library about 49kB in size. Use this mode if you
        have an SSL server which requires client authentication (which is
        uncommon in browser applications).
config CONFIG_SSL_ENABLE_CLIENT
    bool "Client/Server enabled"
    help
        Enable client/server functionality (including peer authentication).
        The axssl sample runs with the "s_client" option enabled.
        This mode produces a library about 51kB in size. Use this mode if you
        require axTLS to use SSL client functionality (the SSL server code
        is always enabled).
config CONFIG_SSL_FULL_MODE
    bool "Client/Server enabled with diagnostics"
    help
        Enable client/server functionality including diagnostics. Most of the
        extra size in this mode is due to the storage of various strings that
        are used.
        The axssl sample has 3 more options, "-debug", "-state" and "-show-rsa"
        This mode produces a library about 58kB in size. It is suggested that
        this mode is used only during development.
        It is the default to demonstrate the features of axTLS.
config CONFIG_SSL_SKELETON_MODE
    bool "Skeleton mode - the smallest server mode"
    help
        This is an experiment to build the smallest library at the expense of
        features and speed.
        * Server mode only.
        * The AES cipher is disabled.
        * No session resumption.
        * No external keys/certificates are supported.
        * The bigint library has most of the performance features disabled.
        * Some other features/API calls may not work.
        This mode produces a library about 37kB in size. The main
        disadvantage of this mode is speed - it may be several times slower
        than the other build modes.
endchoice
choice
    prompt "Protocol Preference"
    depends on !CONFIG_SSL_SKELETON_MODE
    default CONFIG_SSL_PROT_MEDIUM
config CONFIG_SSL_PROT_LOW
    bool "Low"
    help
        Chooses the cipher in the order of RC4-SHA, AES128-SHA, AES256-SHA.
        This will use the fastest cipher(s) but at the expense of security.
config CONFIG_SSL_PROT_MEDIUM
    bool "Medium"
    help
        Chooses the cipher in the order of AES128-SHA, AES256-SHA, RC4-SHA.
        This mode is a balance between speed and security and is the default.
config CONFIG_SSL_PROT_HIGH
    bool "High"
    help
        Chooses the cipher in the order of AES256-SHA, AES128-SHA, RC4-SHA.
        This will use the strongest cipher(s) at the cost of speed.
endchoice
config CONFIG_SSL_USE_DEFAULT_KEY
    bool "Enable default key"
    depends on !CONFIG_SSL_SKELETON_MODE
    default y
    help
        Some applications will not require the default private key/certificate
        that is built in. This is one way to save on a couple of kB's if an
        external private key/certificate is used.
        The advantage of a built-in private key/certificate is that no file
        system is required for access.
        However this private key/certificate can never be changed (without a
        code update).
        This mode is enabled by default. Disable this mode if the
        built-in key/certificate is not used.
config CONFIG_SSL_ENABLE_V23_HANDSHAKE
    bool "Enable v23 Handshake"
    default y
    help
        Some browsers use the v23 handshake client hello message
        (an SSL2 format message which all SSL servers can understand).
        It may be used if SSL2 is enabled in the browser.
        Since this feature takes a kB or so, this feature may be disabled - at
        the risk of making it incompatible with some browsers (IE6 is ok,
        Firefox/Opera may be a problem - see Mozilla bug report 148876).
        Disable if backwards compatibility is not an issue (i.e. the client is
        always using TLS1.0)
config CONFIG_SSL_HAS_PEM
    bool "Enable PEM"
    default n if !CONFIG_SSL_FULL_MODE
    default y if CONFIG_SSL_FULL_MODE
    depends on !CONFIG_SSL_SKELETON_MODE
    help
        Enable the use of PEM format for certificates and private keys.
        PEM is not normally needed - PEM files can be converted into DER files
        quite easily. However they have the convenience of allowing multiple
        certificates/keys in the same file.
        This feature will add a couple of kB to the library.
        Disable if PEM is not used (which will be in most cases).
config CONFIG_SSL_USE_PKCS12
    bool "Use PKCS8/PKCS12"
    default n if !CONFIG_SSL_FULL_MODE
    default y if CONFIG_SSL_FULL_MODE
    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
    help
        PKCS#12 certificates combine private keys and certificates together in
        one file.
        PKCS#8 private keys are also supported (as it is a subset of PKCS#12).
        The decryption of these certificates uses RC4-128 (and these
        certificates must be encrypted using this cipher). The actual
        algorithm is "PBE-SHA1-RC4-128".
        Disable if PKCS#12 is not used (which will be in most cases).
config CONFIG_SSL_EXPIRY_TIME
    int "Session expiry time (in hours)"
    depends on !CONFIG_SSL_SKELETON_MODE
    default 24
    help
        The time (in hours) before a session expires.
        A longer time means that the expensive parts of a handshake don't
        need to be run when a client reconnects later.
        The default is 1 day.
config CONFIG_X509_MAX_CA_CERTS
    int "Maximum number of certificate authorities"
    default 4
    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
    help
        Determines the number of CA's allowed.
        Increase this figure if more trusted sites are allowed. Each
        certificate adds about 300 bytes (when added).
        The default is to allow four certification authorities.
config CONFIG_SSL_MAX_CERTS
    int "Maximum number of chained certificates"
    default 2
    help
        Determines the number of certificates used in a certificate
        chain. The chain length must be at least 1.
        Increase this figure if more certificates are to be added to the
        chain. Each certificate adds about 300 bytes (when added).
        The default is to allow one certificate + 1 certificate in the chain
        (which may be the certificate authority certificate).
config CONFIG_USE_DEV_URANDOM
    bool "Use /dev/urandom"
    default y
    depends on !CONFIG_PLATFORM_WIN32
    help
        Use /dev/urandom. Otherwise a custom RNG is used.
        This will be the default on most Linux systems.
config CONFIG_WIN32_USE_CRYPTO_LIB
    bool "Use Win32 Crypto Library"
    default y if !CONFIG_VISUAL_STUDIO_6_0
    default n if CONFIG_VISUAL_STUDIO_6_0
    depends on CONFIG_PLATFORM_WIN32
    help
        Microsoft produce a Crypto API which requires the Platform SDK to be
        installed. It's used for the RNG.
        This will be the default on most Win32 systems. If using Visual Studio
        6.0, then the SDK containing the crypto libraries must be used.
config CONFIG_PERFORMANCE_TESTING
    bool "Build the bigint performance test tool"
    default n
    help
        Used for performance testing of bigint.
        This is a testing tool and is normally disabled.
config CONFIG_SSL_TEST
    bool "Build the SSL testing tool"
    default n
    depends on CONFIG_SSL_FULL_MODE
    help
        Used for sanity checking the SSL handshaking.
        This is a testing tool and is normally disabled.
endmenu
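
An added example (not part of axTLS or this repository): a small Python audit that reads a generated `.config` and reports the options this Config.in itself describes as development-only or as trading security for size or speed. The `.config` line format (`CONFIG_X=y`, `# CONFIG_X is not set`) is assumed to be standard Kconfig output, a symbol missing from the file is treated as unset, and the sample input is constructed.

```python
import re

# Constructed sample of a generated .config (not taken from the repository).
SAMPLE_CONFIG = """\
CONFIG_SSL_FULL_MODE=y
# CONFIG_SSL_PROT_MEDIUM is not set
CONFIG_SSL_PROT_LOW=y
CONFIG_SSL_USE_DEFAULT_KEY=y
CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
CONFIG_SSL_EXPIRY_TIME=72
# CONFIG_USE_DEV_URANDOM is not set
"""

# Symbol -> reason; each reason paraphrases the help text in Config.in.
FLAG_IF_ENABLED = {
    "CONFIG_SSL_FULL_MODE": "diagnostics build, suggested for development only",
    "CONFIG_SSL_PROT_LOW": "RC4-SHA preferred first, speed over security",
    "CONFIG_SSL_USE_DEFAULT_KEY": "built-in key/cert cannot change without a code update",
    "CONFIG_SSL_ENABLE_V23_HANDSHAKE": "accepts the SSL2-format v23 client hello",
    "CONFIG_SSL_TEST": "testing tool, normally disabled",
    "CONFIG_PERFORMANCE_TESTING": "testing tool, normally disabled",
}
DEFAULT_EXPIRY_HOURS = 24  # default of CONFIG_SSL_EXPIRY_TIME in Config.in

def parse_dotconfig(text):
    """Return {symbol: value}; '# X is not set' lines map to 'n'."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        unset = re.fullmatch(r"# (CONFIG_\w+) is not set", line)
        if unset:
            values[unset.group(1)] = "n"
        elif line.startswith("CONFIG_") and "=" in line:
            name, _, value = line.partition("=")
            values[name] = value.strip('"')
    return values

def audit(text, win32=False):
    """Return a sorted list of (symbol, reason) findings for a .config."""
    cfg = parse_dotconfig(text)
    findings = [(s, why) for s, why in FLAG_IF_ENABLED.items() if cfg.get(s) == "y"]
    # CONFIG_USE_DEV_URANDOM only exists on non-Win32 builds; off means custom RNG.
    if not win32 and cfg.get("CONFIG_USE_DEV_URANDOM", "n") != "y":
        findings.append(("CONFIG_USE_DEV_URANDOM", "disabled, a custom RNG is used"))
    hours = int(cfg.get("CONFIG_SSL_EXPIRY_TIME", DEFAULT_EXPIRY_HOURS))
    if hours > DEFAULT_EXPIRY_HOURS:
        findings.append(("CONFIG_SSL_EXPIRY_TIME",
                         f"{hours}h exceeds the {DEFAULT_EXPIRY_HOURS}h default"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` returns six findings for the constructed sample; a configuration using the client/server mode with "High" protocol preference, no default key, no v23 handshake and /dev/urandom returns none.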