Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New menu option to minimize BSSL ROM with only RSA #6006

Merged
merged 5 commits into from
Apr 25, 2019
Merged

New menu option to minimize BSSL ROM with only RSA #6006

merged 5 commits into from
Apr 25, 2019

Conversation

earlephilhower
Copy link
Collaborator

Adds a menu option and define to limit BearSSL to older RSA connection
options. This saves ~45K program memory and can speed up connections
since EC, while more secure, is significantly slower on the chip.
The supported ciphers are identical to the ones that axTLS supported.

Fixes #6005

@earlephilhower earlephilhower changed the title New menu option to minimize BSSL RAM with only RSA New menu option to minimize BSSL ROM with only RSA Apr 22, 2019
@earlephilhower
New menu option to minimize BSSL ROM with only RSA
01df6f9 
Adds a menu option and define to limit BearSSL to older RSA connection
options.  This saves ~45K program memory and can speed up connections
since EC, while more secure, is significantly slower on the chip.
The supported ciphers are identical to the ones that axTLS supported.

Fixes esp8266#6005
d-a-v
d-a-v approved these changes Apr 24, 2019
View reviewed changes
Copy link
Collaborator

@d-a-v d-a-v left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yatmo !
To help user understanding, I would propose Basic SSL ciphers (- 45KB in flash) in the menu option text.

@earlephilhower
Copy link
Collaborator Author

@d-a-v, do you have a better solution? Think this is something that should only be settable from platform_local.txt?

@d-a-v
Copy link
Collaborator

d-a-v commented Apr 25, 2019

Not a better solution. Indeed another (worse) solution is to use platform.local.txt (like this example #6003 (comment)). It is worse because it is not easily selectable, while not confusing users with tons of options.

So no, to be honest, I prefer the tool menu option (even for #6003).

I wish this menu were more configurable so we can put less obvious choices below a single "uncommon" option.

@earlephilhower earlephilhower merged commit d9b0480 into esp8266:master Apr 25, 2019
@earlephilhower earlephilhower deleted the lowmemssl branch April 25, 2019 18:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@devyte devyte devyte approved these changes

@d-a-v d-a-v d-a-v approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enhancement - Allow linking in smaller set of ciphers on BearSSL to save code space
3 participants
@earlephilhower @d-a-v @devyte