Unofficial wolfSSL Utility
--------------------------

wolfssl-util is a command-line tool for the wolfSSL embedded (SSL/)TLS library.
It is similar to the OpenSSL command-line tool, but provides only a limited
`s_client` TLS client command.  The primary goal is to provide enough
functionality for use by BusyBox's wget applet.

wolfssl-util's `s_client` command is designed to be stronger by default than
openssl's, as the latter is only meant to be a "diagnostic tool".  That is, the
following command:

    $ wolfssl-util s_client -quiet -connect ${host}:${port} \
    > -servername ${servername}

is roughly equivalent to the more complicated:

    $ openssl s_client -quiet -connect ${host}:${port} \
    > -servername ${servername} -verify 9 -verify_return_error \
    > -no_ssl3 -no_tls1 -no_tls1_1

This utility is in no way authored by or affiliated with wolfSSL Inc. or its
contributors.

Recommended wolfSSL Configuration
---------------------------------

Building wolfSSL with the following configuration options (keeping other
defaults) is recommended for wolfssl-util to perform as a strong modern TLS
implementation:

    --enable-maxstrength
    --disable-aescbc
    --disable-oldtls
    --disable-md5
    --enable-ocsp
    --enable-ocspstapling
    --enable-ocspstapling2
    --enable-sni

The test suite is written to verify the strength of wolfssl-util linked against
wolfSSL configured with these options.
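
As an added example (not part of wolfssl-util or wolfSSL), the shell functions
below audit a wolfSSL `./configure` argument list against the recommended
options above, honouring autoconf's rule that the last mention of a feature
wins.  The function names and the sample arguments are constructed for
illustration; the check assumes that a feature not mentioned on the command
line counts as missing, because it does not know wolfSSL's defaults.

```shell
#!/bin/sh
# Recommended options, copied from the list in this README.
RECOMMENDED="--enable-maxstrength --disable-aescbc --disable-oldtls
--disable-md5 --enable-ocsp --enable-ocspstapling --enable-ocspstapling2
--enable-sni"

# Normalize one configure argument to "feature=yes" or "feature=no".
# Prints nothing for arguments that are not --enable-/--disable- switches.
# Any --enable-FEATURE=VALUE other than "no" is treated as enabled.
feature_state() {
    case "$1" in
        --disable-*)   echo "${1#--disable-}=no" ;;
        --enable-*=no) f=${1#--enable-}; echo "${f%=no}=no" ;;
        --enable-*=*)  f=${1#--enable-}; echo "${f%%=*}=yes" ;;
        --enable-*)    echo "${1#--enable-}=yes" ;;
    esac
}

# Print every recommended option that the given configure arguments do not
# leave in effect.  Arguments are scanned left to right so that a later
# switch for the same feature overrides an earlier one.
missing_recommended() {
    for want in $RECOMMENDED; do
        want_fs=$(feature_state "$want")
        feature=${want_fs%=*}
        effective=
        for arg in "$@"; do
            fs=$(feature_state "$arg")
            if [ "${fs%=*}" = "$feature" ]; then
                effective=$fs
            fi
        done
        if [ "$effective" != "$want_fs" ]; then
            echo "$want"
        fi
    done
}

# Constructed sample: OCSP stapling v2 was never requested, and a trailing
# --enable-oldtls silently undoes the earlier --disable-oldtls.
echo "Recommended options not in effect:"
missing_recommended --prefix=/usr --enable-maxstrength --disable-aescbc \
    --disable-oldtls --disable-md5 --enable-ocsp --enable-ocspstapling \
    --enable-sni --enable-oldtls
```

An empty result means every recommended option was requested explicitly and
not overridden later on the same command line.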

Copyright
---------

Copyright (C) 2019  Patrick McDermott

Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.  This file is offered as-is,
without any warranty.