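/*
By default wolfSSL has a very conservative configuration that can result in
connections to servers failing due to certificate or algorithm problems.
To remedy this issue for libcurl I've generated this options file that
build-wolfssl will copy to the wolfSSL include directories and will result in
maximum compatibility.

Security trade-off of "maximum compatibility": this file compiles in SSLv3
(WOLFSSL_ALLOW_SSLV3) and the static-key cipher suites (WOLFSSL_STATIC_DH,
WOLFSSL_STATIC_RSA). SSLv3 is deprecated by RFC 7568, and static-key suites
provide no forward secrecy. Compiling them in only makes them available; what
a connection negotiates still depends on the protocol version and cipher list
the application sets, so builds using this file should set both explicitly.

These are the configure options that were used to build wolfSSL v3.9.0 in mingw
and generate the options in this file:

C_EXTRA_FLAGS="\
-Wno-attributes \
-Wno-unused-but-set-variable \
-DFP_MAX_BITS=16384 \
-DTFM_TIMING_RESISTANT \
-DWOLFSSL_STATIC_DH \
-DWOLFSSL_STATIC_RSA \
" \
./configure --prefix=/usr/local \
--enable-aesgcm \
--enable-alpn \
--enable-certgen \
--enable-dh \
--enable-dsa \
--enable-ecc \
--enable-fastmath \
--enable-opensslextra \
--enable-ripemd \
--enable-sessioncerts \
--enable-sha512 \
--enable-sni \
--enable-sslv3 \
--enable-supportedcurves \
--enable-testcert \
> config.out 2>&1

Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
are inapplicable for our Visual Studio build. Currently thread local storage is
only used by the Fixed Point cache ECC which we're not enabling. However even
if we later decide to enable the cache it will fall back on mutexes when
thread local storage is not available. wolfSSL is using __declspec(thread) to
create the thread local storage and that could be a problem for LoadLibrary.

Regarding the options that were added via C_EXTRA_FLAGS:

FP_MAX_BITS=16384
http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
"Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
buffer size. You can do this using the define:
FP_MAX_BITS and setting it to 8192."
The quote sizes the buffer at twice the key length; by the same ratio the
16384 used here accommodates keys up to 8192 bits.

TFM_TIMING_RESISTANT
https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
From section 2.4.5 Increasing Performance, USE_FAST_MATH:
"Because the stack memory usage can be larger when using fastmath, we recommend
defining TFM_TIMING_RESISTANT as well when using this option."
Besides the stack usage the manual mentions, this define selects the
timing-resistant fastmath code paths, so it is also a side-channel hardening
and should stay defined for as long as USE_FAST_MATH is.

WOLFSSL_STATIC_DH: Allow TLS_ECDH_ ciphers
WOLFSSL_STATIC_RSA: Allow TLS_RSA_ ciphers
https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
Static key cipher suites are deprecated and disabled by default since v3.6.6.
Both defines re-enable suites whose key exchange uses the server's long-term
key, so recorded sessions lose confidentiality if that key is later exposed.
*/

/* wolfssl options.h
 * generated from configure options
 *
 * Copyright (C) 2006-2015 wolfSSL Inc.
 *
 * This file is part of wolfSSL. (formerly known as CyaSSL)
 *
 */

#ifndef WOLFSSL_OPTIONS_H
#define WOLFSSL_OPTIONS_H


#ifdef __cplusplus
extern "C" {
#endif

/* --- Options added by hand through C_EXTRA_FLAGS (see header comment) --- */

/* Fastmath integer size in bits; 16384 covers keys up to 8192 bits. */
#undef  FP_MAX_BITS
#define FP_MAX_BITS 16384

/* Timing-resistant fastmath; keep paired with USE_FAST_MATH below. */
#undef  TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT

/* Legacy: re-enables static-key TLS_ECDH_ suites (no forward secrecy). */
#undef  WOLFSSL_STATIC_DH
#define WOLFSSL_STATIC_DH

/* Legacy: re-enables static-key TLS_RSA_ suites (no forward secrecy). */
#undef  WOLFSSL_STATIC_RSA
#define WOLFSSL_STATIC_RSA

/* --- Options generated from the ./configure switches --- */

/* OpenSSL compatibility layer (--enable-opensslextra). */
#undef  OPENSSL_EXTRA
#define OPENSSL_EXTRA

#undef  HAVE_AESGCM
#define HAVE_AESGCM

#undef  WOLFSSL_RIPEMD
#define WOLFSSL_RIPEMD

#undef  WOLFSSL_SHA512
#define WOLFSSL_SHA512

#undef  WOLFSSL_SHA384
#define WOLFSSL_SHA384

#undef  SESSION_CERTS
#define SESSION_CERTS

#undef  WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_GEN

#undef  HAVE_ECC
#define HAVE_ECC

#undef  TFM_ECC256
#define TFM_ECC256

#undef  ECC_SHAMIR
#define ECC_SHAMIR

/*
 * Legacy: makes SSLv3 available (--enable-sslv3). SSLv3 is deprecated by
 * RFC 7568; the application should set its minimum protocol version
 * explicitly rather than rely on this build's defaults.
 */
#undef  WOLFSSL_ALLOW_SSLV3
#define WOLFSSL_ALLOW_SSLV3

/* Stream ciphers compiled out. */
#undef  NO_RC4
#define NO_RC4

#undef  NO_HC128
#define NO_HC128

#undef  NO_RABBIT
#define NO_RABBIT

#undef  HAVE_POLY1305
#define HAVE_POLY1305

#undef  HAVE_ONE_TIME_AUTH
#define HAVE_ONE_TIME_AUTH

#undef  HAVE_CHACHA
#define HAVE_CHACHA

#undef  HAVE_HASHDRBG
#define HAVE_HASHDRBG

/*
 * HAVE_TLS_EXTENSIONS appears three times in the generated output, once
 * before each of SNI, ALPN and supported curves. The repeats are harmless
 * (#undef followed by an identical #define) and are kept as generated.
 */
#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SNI
#define HAVE_SNI

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_ALPN
#define HAVE_ALPN

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

/*
 * From --enable-testcert. NOTE(review): presumably only needed by wolfSSL's
 * own tests; confirm whether the libcurl build requires it.
 */
#undef  WOLFSSL_TEST_CERT
#define WOLFSSL_TEST_CERT

/* Pre-shared keys and MD4 compiled out. */
#undef  NO_PSK
#define NO_PSK

#undef  NO_MD4
#define NO_MD4

/* Fastmath big-integer backend (--enable-fastmath). */
#undef  USE_FAST_MATH
#define USE_FAST_MATH


#ifdef __cplusplus
}
#endif


#endif /* WOLFSSL_OPTIONS_H */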