blob: a2cf01f73df6276b0e57c5ecb08cf448e66d38f5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
Unofficial wolfSSL Utility
--------------------------
wolfssl-util is a command-line tool for the wolfSSL embedded (SSL/)TLS
library. It is similar to the OpenSSL command-line tool, providing only
a limited `s_client` TLS client command. The primary goal is to provide
enough functionality for use by BusyBox's wget applet.
wolfssl-util's `s_client` command is designed to be stronger by default
than OpenSSL's, as the latter is only meant to be a "diagnostic tool".
That is, the following command:
$ wolfssl s_client -quiet -connect ${host}:${port} \
> -servername ${servername}
is roughly equivalent to the more complicated:
$ openssl s_client -quiet -connect ${host}:${port} \
> -servername ${servername} -verify 9 -verify_return_error \
> -no_ssl3 -no_tls1 -no_tls1_1
This utility is in no way authored by or affiliated with wolfSSL Inc. or
its contributors.
Recommended wolfSSL Configuration
---------------------------------
Building wolfSSL with the following configuration options (keeping other
defaults) is recommended for wolfssl-util to perform as a strong modern
TLS implementation:
--enable-maxstrength
--disable-aescbc
--disable-oldtls
--disable-md5
--enable-ocsp
--enable-ocspstapling
--enable-ocspstapling2
--enable-sni
The test suite is written to verify the strength of wolfssl-util linked
against wolfSSL configured with these options.
Copyright
---------
Copyright (C) 2019 Patrick McDermott
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. This file is offered as-is,
without any warranty.
|
