config FREETZ_LIB_libcrypto bool "OpenSSL cryptographic library (libcrypto.so)" select FREETZ_LIB_libdl select FREETZ_OPENSSL_VERSION_PROMPT default n help crypto - OpenSSL cryptographic library The OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards. libcrypto consists of a number of sub-libraries that implement the individual algorithms. The functionality includes symmetric encryption, public key cryptography and key agreement, certificate handling, cryptographic hash functions and a cryptographic pseudo-random number generator. config FREETZ_LIB_libssl bool "OpenSSL SSL/TLS library (libssl.so)" depends on FREETZ_LIB_libcrypto select FREETZ_LIB_libdl default n help SSL - OpenSSL SSL/TLS library The OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It provides a rich API. config FREETZ_OPENSSL_VERSION_PROMPT bool default n config FREETZ_OPENSSL_VERSION_1_REQUIRED bool default n choice depends on FREETZ_OPENSSL_VERSION_PROMPT prompt "OpenSSL version" default FREETZ_OPENSSL_VERSION_1 help version 0.9.8: - NOT supported by the OpenSSL development team anymore (s. https://www.openssl.org/policies/releasestrat.html) - could be used (with some limitations) as a replacement for AVM's OpenSSL library version 1.0.2: - Long Term Support (LTS) version, supported until 2019-12-31 - could NOT be used as a replacement for AVM's OpenSSL library config FREETZ_OPENSSL_VERSION_0 bool "0.9.8 - avoid using, out of support" depends on FREETZ_AVM_HAS_OPENSSL_VERSION_0 depends on !FREETZ_OPENSSL_VERSION_1_REQUIRED config FREETZ_OPENSSL_VERSION_1 bool "1.0.2" endchoice config FREETZ_OPENSSL_SHLIB_VERSION depends on FREETZ_OPENSSL_VERSION_PROMPT string default "0.9.8" if FREETZ_OPENSSL_VERSION_0 default "1.0.0" if FREETZ_OPENSSL_VERSION_1 config FREETZ_OPENSSL_LIBCRYPTO_EXTRA_LIBS string default "-ldl -lz" if FREETZ_LIB_libcrypto_WITH_ZLIB default "-ldl" menu "OpenSSL configuration" depends on FREETZ_OPENSSL_VERSION_PROMPT config FREETZ_LIB_libcrypto_WITH_EC bool "Support elliptic curve cryptography" default n help Enable support for elliptic curve cryptography (ECDSA/ECDH/ECDHE) config FREETZ_LIB_libcrypto_WITH_RC4 bool "Support RC4 cipher (NOT RECOMMENDED)" default n help Enable support for RC4 cipher. NOT RECOMMENDED, please enable it only if absolutely necessary. As of 2015, there is speculation that some state cryptologic agencies may possess the capability to break RC4 when used in the TLS protocol[1]. IETF has published RFC 7465 to prohibit the use of RC4 in TLS[2]. Mozilla[3] and Microsoft[4] have issued similar recommendations. [1] http://www.theregister.co.uk/2013/09/06/nsa_cryptobreaking_bullrun_analysis/ [2] https://tools.ietf.org/html/rfc7465 [3] https://wiki.mozilla.org/Security/Server_Side_TLS [4] https://blogs.technet.microsoft.com/srd/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4/ config FREETZ_LIB_libcrypto_WITH_ZLIB bool "Build with zlib support" depends on FREETZ_OPENSSL_VERSION_1 select FREETZ_LIB_libz default n config FREETZ_OPENSSL_SMALL_FOOTPRINT bool "Reduce the footprint of OpenSSL libraries" default y help Build a version with smaller memory/storage footprint. config FREETZ_OPENSSL_CONFIG_DIR string "OpenSSL configuration directory" default "/mod/etc/ssl" help The location of OpenSSL directory, where several files (configuration settings, private key, certificates, etc.) can be found. endmenu