Unofficial wolfSSL Utility
--------------------------

wolfutil is a command-line tool for the wolfSSL embedded (SSL/)TLS
library.  It is similar to the OpenSSL command-line tool, but provides
only a limited `s_client` TLS client command.  The primary goal is to
provide enough functionality for use by BusyBox's wget applet.

wolfutil's `s_client` command is designed to be stronger by default than
OpenSSL's, as the latter is only meant to be a "diagnostic tool".  That
is, the following command:

    $ wolfutil s_client -quiet -connect ${host}:${port} \
    > -servername ${servername}

is roughly equivalent to the more complicated:

    $ openssl s_client -quiet -connect ${host}:${port} \
    > -servername ${servername} -verify 9 -verify_return_error \
    > -no_ssl3 -no_tls1 -no_tls1_1

This utility is in no way authored by or affiliated with wolfSSL Inc. or
its contributors.

Recommended wolfSSL Configuration
---------------------------------

Building wolfSSL with the following configuration options (keeping other
defaults) is recommended for wolfutil to perform as a strong modern TLS
implementation:

    --enable-maxstrength
    --disable-aescbc
    --disable-oldtls
    --disable-md5
    --enable-ocsp
    --enable-ocspstapling
    --enable-ocspstapling2
    --enable-sni

The test suite is written to verify the strength of wolfutil linked
against wolfSSL configured with these options.
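
One way to check an existing wolfSSL build against the options above.
This is an added example, not part of wolfutil or its test suite; the
mapping from configure options to macros in wolfssl/options.h and the
function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of wolfutil.  The macro names are an assumption about
# what wolfSSL's configure writes to wolfssl/options.h; check your version.
RECOMMENDED='--enable-maxstrength=WOLFSSL_MAX_STRENGTH
--disable-aescbc=NO_AES_CBC
--disable-oldtls=NO_OLD_TLS
--disable-md5=NO_MD5
--enable-ocsp=HAVE_OCSP
--enable-ocspstapling=HAVE_CERTIFICATE_STATUS_REQUEST
--enable-ocspstapling2=HAVE_CERTIFICATE_STATUS_REQUEST_V2
--enable-sni=HAVE_SNI'

# Print each recommended configure option whose macro is not defined in the
# given options.h.  Returns 0 if none are missing, 1 if any are, 2 on error.
missing_options() {
    header=$1
    [ -r "$header" ] || { echo "cannot read $header" >&2; return 2; }
    status=0
    for pair in $RECOMMENDED; do
        opt=${pair%%=*}
        macro=${pair#*=}
        # Whole-name match: ..._REQUEST_V2 must not satisfy ..._REQUEST.
        if ! grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+${macro}([[:space:]]|\$)" "$header"; then
            echo "$opt"
            status=1
        fi
    done
    return $status
}

# Constructed sample header (not from a real build): old TLS and MD5 are
# still enabled, and only the v2 stapling macro is present.
write_sample_header() {
    cat > "$1" <<'EOF'
#undef  WOLFSSL_MAX_STRENGTH
#define WOLFSSL_MAX_STRENGTH
#define NO_AES_CBC
#define HAVE_OCSP
#undef  HAVE_CERTIFICATE_STATUS_REQUEST_V2
#define HAVE_CERTIFICATE_STATUS_REQUEST_V2
#define HAVE_SNI
EOF
}

# Usage: sh check.sh /path/to/wolfssl/options.h
if [ "$#" -gt 0 ]; then missing_options "$1"; fi
```

For the constructed sample, the check reports `--disable-oldtls`,
`--disable-md5` and `--enable-ocspstapling` as missing.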

Copyright
---------

Copyright (C) 2019  Libiquity LLC

Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.  This file is offered as-is,
without any warranty.