config FREETZ_LIB_libcrypto bool "OpenSSL cryptographic library (libcrypto.so)" select FREETZ_LIB_libdl if FREETZ_TARGET_UCLIBC_HAS_multiple_libs select FREETZ_LIB_libpthread if FREETZ_TARGET_UCLIBC_HAS_multiple_libs && FREETZ_OPENSSL_VERSION_2_MIN select FREETZ_OPENSSL_VERSION_PROMPT default n help crypto - OpenSSL cryptographic library The OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards. libcrypto consists of a number of sub-libraries that implement the individual algorithms. The functionality includes symmetric encryption, public key cryptography and key agreement, certificate handling, cryptographic hash functions and a cryptographic pseudo-random number generator. config FREETZ_LIB_libssl bool "OpenSSL SSL/TLS library (libssl.so)" depends on FREETZ_LIB_libcrypto select FREETZ_LIB_libdl if FREETZ_TARGET_UCLIBC_HAS_multiple_libs default n help SSL - OpenSSL SSL/TLS library The OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It provides a rich API. config FREETZ_OPENSSL_VERSION_1_REQUIRED bool default n config FREETZ_OPENSSL_VERSION_PROMPT bool default n if FREETZ_OPENSSL_VERSION_PROMPT choice prompt "OpenSSL version" default FREETZ_OPENSSL_VERSION_2 if FREETZ_SHOW_DEVELOPER default FREETZ_OPENSSL_VERSION_1 help Version 0.9.8: - NOT supported by the OpenSSL development team anymore (s. https://www.openssl.org/policies/releasestrat.html) - could be used (with some limitations) as a replacement for AVM's OpenSSL library Version 1.0.2: - NOT supported by the OpenSSL development team anymore (s. https://www.openssl.org/policies/releasestrat.html) - Long Term Support (LTS) version, supported until 2019-12-31 Version 1.1.1: - Long Term Support (LTS) version, supported until 2023-09-11 Version 3.0.0: - ALPHA version config FREETZ_OPENSSL_VERSION_0 bool "0.9.8 - DEPRECATED" depends on FREETZ_AVM_HAS_OPENSSL_VERSION_0 depends on !FREETZ_OPENSSL_VERSION_1_REQUIRED config FREETZ_OPENSSL_VERSION_1 bool "1.0.2 - DEPRECATED" config FREETZ_OPENSSL_VERSION_2 bool "1.1.1 - EXPERIMENTAL" depends on FREETZ_SHOW_DEVELOPER config FREETZ_OPENSSL_VERSION_3 bool "3.0.0 - EXPERIMENTAL" depends on FREETZ_SHOW_DEVELOPER endchoice config FREETZ_OPENSSL_SHLIB_VERSION string default "0.9.8" if FREETZ_OPENSSL_VERSION_0 default "1.0.0" if FREETZ_OPENSSL_VERSION_1 default "1.1" if FREETZ_OPENSSL_VERSION_2 default "3" if FREETZ_OPENSSL_VERSION_3 config FREETZ_OPENSSL_LIBCRYPTO_EXTRA_LIBS string default "-ldl -pthread -lz" if FREETZ_OPENSSL_VERSION_2_MIN && FREETZ_LIB_libcrypto_WITH_ZLIB default "-ldl -pthread" if FREETZ_OPENSSL_VERSION_2_MIN default "-ldl -lz" if FREETZ_OPENSSL_VERSION_1_MAX && FREETZ_LIB_libcrypto_WITH_ZLIB default "-ldl" if FREETZ_OPENSSL_VERSION_1_MAX menu "OpenSSL configuration" config FREETZ_LIB_libcrypto_WITH_EC bool "Support elliptic curve cryptography" default n help Enable support for elliptic curve cryptography (ECDSA/ECDH/ECDHE) config FREETZ_LIB_libcrypto_WITH_RC4 bool "Support RC4 cipher (NOT RECOMMENDED)" default n help Enable support for RC4 cipher. NOT RECOMMENDED, please enable it only if absolutely necessary. As of 2015, there is speculation that some state cryptologic agencies may possess the capability to break RC4 when used in the TLS protocol[1]. IETF has published RFC 7465 to prohibit the use of RC4 in TLS[2]. Mozilla[3] and Microsoft[4] have issued similar recommendations. [1] http://www.theregister.co.uk/2013/09/06/nsa_cryptobreaking_bullrun_analysis/ [2] https://tools.ietf.org/html/rfc7465 [3] https://wiki.mozilla.org/Security/Server_Side_TLS [4] https://blogs.technet.microsoft.com/srd/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4/ config FREETZ_LIB_libcrypto_WITH_ZLIB bool "Build with zlib support" depends on !FREETZ_OPENSSL_VERSION_0 select FREETZ_LIB_libz default n config FREETZ_OPENSSL_SMALL_FOOTPRINT bool "Reduce the footprint of OpenSSL libraries" default y help Build a version with smaller memory/storage footprint. config FREETZ_OPENSSL_CONFIG_DIR string "OpenSSL configuration directory" default "/mod/etc/ssl" help The location of OpenSSL directory, where several files (configuration settings, private key, certificates, etc.) can be found. endmenu config FREETZ_OPENSSL_VERSION_1_MIN def_bool y depends on \ FREETZ_OPENSSL_VERSION_1 || \ FREETZ_OPENSSL_VERSION_2_MIN config FREETZ_OPENSSL_VERSION_2_MIN def_bool y depends on \ FREETZ_OPENSSL_VERSION_2 || \ FREETZ_OPENSSL_VERSION_3_MIN config FREETZ_OPENSSL_VERSION_3_MIN def_bool y depends on \ FREETZ_OPENSSL_VERSION_3 config FREETZ_OPENSSL_VERSION_1_MAX def_bool y depends on \ FREETZ_OPENSSL_VERSION_1 || \ FREETZ_OPENSSL_VERSION_0 config FREETZ_OPENSSL_VERSION_2_MAX def_bool y depends on \ FREETZ_OPENSSL_VERSION_2 || \ FREETZ_OPENSSL_VERSION_1_MAX endif # FREETZ_OPENSSL_VERSION_PROMPT