Unofficial wolfSSL Utility
--------------------------

wolfssl-util is a command-line tool for the wolfSSL embedded (SSL/)TLS
library.  It is similar to the OpenSSL command-line tool, but provides
only a limited `s_client` TLS client command.  The primary goal is to
provide enough functionality for use by BusyBox's wget applet.

wolfssl-util's `s_client` command is designed to be stronger by default
than OpenSSL's, as the latter is only meant to be a "diagnostic tool".
That is, the following command:

    $ wolfssl s_client -quiet -connect ${host}:${port} \
    > -servername ${servername}

is roughly equivalent to the more complicated:

    $ openssl s_client -quiet -connect ${host}:${port} \
    > -servername ${servername} -verify 9 -verify_return_error \
    > -no_ssl3 -no_tls1 -no_tls1_1

This utility is in no way authored by or affiliated with wolfSSL Inc. or
its contributors.

Recommended wolfSSL Configuration
---------------------------------

Building wolfSSL with the following configuration options (keeping other
defaults) is recommended for wolfssl-util to perform as a strong modern
TLS implementation:

    --enable-maxstrength
    --disable-aescbc
    --disable-oldtls
    --disable-md5
    --enable-ocsp
    --enable-ocspstapling
    --enable-ocspstapling2
    --enable-sni

The test suite is written to verify the strength of wolfssl-util linked
against wolfSSL configured with these options.
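
One way to check an installed wolfSSL build against the list above is to
inspect its generated options.h.  The script below is an added example,
not part of wolfssl-util or wolfSSL; the option-to-macro mapping, the
function names and the sample header are assumptions made for
illustration.

```shell
#!/bin/sh
# Added example: audit a wolfSSL build against the README's recommended options.
# ASSUMPTION: this option:macro mapping follows wolfSSL's configure script;
# confirm it against the wolfSSL version you build.
RECOMMENDED='--enable-maxstrength:WOLFSSL_MAX_STRENGTH
--disable-aescbc:NO_AES_CBC
--disable-oldtls:NO_OLD_TLS
--disable-md5:NO_MD5
--enable-ocsp:HAVE_OCSP
--enable-ocspstapling:HAVE_CERTIFICATE_STATUS_REQUEST
--enable-ocspstapling2:HAVE_CERTIFICATE_STATUS_REQUEST_V2
--enable-sni:HAVE_SNI'

# Print every recommended option whose macro is not #defined in the given
# options.h.  Returns 0 if none are missing, 1 if any are, 2 if unreadable.
missing_options() {
    hdr=$1
    [ -r "$hdr" ] || { echo "cannot read $hdr" >&2; return 2; }
    rc=0
    for pair in $RECOMMENDED; do
        opt=${pair%%:*}
        macro=${pair#*:}
        # Anchor the macro name so ..._REQUEST does not match ..._REQUEST_V2.
        if ! grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+${macro}([[:space:]]|\$)" "$hdr"
        then
            printf '%s\n' "$opt"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample header (not from a real build): old TLS and MD5 are
# still enabled and the second OCSP stapling extension is absent.
write_sample_header() {
    cat > "$1" <<'EOF'
#undef  WOLFSSL_MAX_STRENGTH
#define WOLFSSL_MAX_STRENGTH
#define NO_AES_CBC
#define HAVE_OCSP
#define HAVE_CERTIFICATE_STATUS_REQUEST
#define HAVE_SNI
EOF
}

# Usage: sh check-wolfssl.sh <prefix>/include/wolfssl/options.h
if [ -n "${1:-}" ]; then
    missing_options "$1" || exit $?
fi
```

Any option the script prints is one the build was not configured with, so
wolfssl-util linked against that library may not have the strength the
test suite expects.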

Copyright
---------

Copyright (C) 2019  Patrick McDermott

Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.  This file is offered as-is,
without any warranty.