From 01df6f9f7c4791dca370dd70f8a2d14908e55637 Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Mon, 22 Apr 2019 13:23:22 -0700 Subject: [PATCH 1/4] New menu option to minimize BSSL ROM with only RSA Adds a menu option and define to limit BearSSL to older RSA connection options. This saves ~45K program memory and can speed up connections since EC, while more secure, is significantly slower on the chip. The supported ciphers are identical to the ones that axTLS supported. Fixes #6005 --- boards.txt | 121 ++++++++++++++++++ .../src/WiFiClientSecureBearSSL.cpp | 35 +++++ .../package_esp8266com_index.template.json | 2 +- platform.txt | 4 +- tools/boards.txt.py | 12 +- 5 files changed, 170 insertions(+), 4 deletions(-) diff --git a/boards.txt b/boards.txt index db90994b33..0ebb37d516 100644 --- a/boards.txt +++ b/boards.txt @@ -21,6 +21,7 @@ menu.exception=Exceptions menu.led=Builtin Led menu.wipe=Erase Flash menu.sdk=Espressif FW +menu.ssl=SSL Support ############################################################## generic.name=Generic ESP8266 Module @@ -53,6 +54,10 @@ generic.menu.exception.disabled.build.stdcpp_lib=-lstdc++ generic.menu.exception.enabled=Enabled generic.menu.exception.enabled.build.exception_flags=-fexceptions generic.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +generic.menu.ssl.all=All SSL ciphers +generic.menu.ssl.all.build.sslflags= +generic.menu.ssl.basic=Basic SSL ciphers +generic.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC generic.menu.ResetMethod.ck=ck generic.menu.ResetMethod.ck.upload.resetmethod=ck generic.menu.ResetMethod.nodemcu=nodemcu 
@@ -499,6 +504,10 @@ esp8285.menu.exception.disabled.build.stdcpp_lib=-lstdc++ esp8285.menu.exception.enabled=Enabled esp8285.menu.exception.enabled.build.exception_flags=-fexceptions esp8285.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +esp8285.menu.ssl.all=All SSL ciphers +esp8285.menu.ssl.all.build.sslflags= +esp8285.menu.ssl.basic=Basic SSL ciphers +esp8285.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC esp8285.menu.ResetMethod.ck=ck esp8285.menu.ResetMethod.ck.upload.resetmethod=ck esp8285.menu.ResetMethod.nodemcu=nodemcu @@ -774,6 +783,10 @@ espduino.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espduino.menu.exception.enabled=Enabled espduino.menu.exception.enabled.build.exception_flags=-fexceptions espduino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espduino.menu.ssl.all=All SSL ciphers +espduino.menu.ssl.all.build.sslflags= +espduino.menu.ssl.basic=Basic SSL ciphers +espduino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espduino.build.flash_mode=dio espduino.build.flash_flags=-DFLASHMODE_DIO espduino.build.flash_freq=40 @@ -957,6 +970,10 @@ huzzah.menu.exception.disabled.build.stdcpp_lib=-lstdc++ huzzah.menu.exception.enabled=Enabled huzzah.menu.exception.enabled.build.exception_flags=-fexceptions huzzah.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +huzzah.menu.ssl.all=All SSL ciphers +huzzah.menu.ssl.all.build.sslflags= +huzzah.menu.ssl.basic=Basic SSL ciphers +huzzah.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC huzzah.upload.resetmethod=nodemcu huzzah.build.flash_mode=qio huzzah.build.flash_flags=-DFLASHMODE_QIO 
@@ -1141,6 +1158,10 @@ inventone.menu.exception.disabled.build.stdcpp_lib=-lstdc++ inventone.menu.exception.enabled=Enabled inventone.menu.exception.enabled.build.exception_flags=-fexceptions inventone.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +inventone.menu.ssl.all=All SSL ciphers +inventone.menu.ssl.all.build.sslflags= +inventone.menu.ssl.basic=Basic SSL ciphers +inventone.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC inventone.upload.resetmethod=nodemcu inventone.build.flash_mode=dio inventone.build.flash_flags=-DFLASHMODE_DIO @@ -1325,6 +1346,10 @@ cw01.menu.exception.disabled.build.stdcpp_lib=-lstdc++ cw01.menu.exception.enabled=Enabled cw01.menu.exception.enabled.build.exception_flags=-fexceptions cw01.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +cw01.menu.ssl.all=All SSL ciphers +cw01.menu.ssl.all.build.sslflags= +cw01.menu.ssl.basic=Basic SSL ciphers +cw01.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC cw01.upload.resetmethod=nodemcu cw01.menu.CrystalFreq.26=26 MHz cw01.menu.CrystalFreq.40=40 MHz @@ -1512,6 +1537,10 @@ espresso_lite_v1.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espresso_lite_v1.menu.exception.enabled=Enabled espresso_lite_v1.menu.exception.enabled.build.exception_flags=-fexceptions espresso_lite_v1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espresso_lite_v1.menu.ssl.all=All SSL ciphers +espresso_lite_v1.menu.ssl.all.build.sslflags= +espresso_lite_v1.menu.ssl.basic=Basic SSL ciphers +espresso_lite_v1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espresso_lite_v1.build.flash_mode=dio espresso_lite_v1.build.flash_flags=-DFLASHMODE_DIO espresso_lite_v1.build.flash_freq=40 
@@ -1699,6 +1728,10 @@ espresso_lite_v2.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espresso_lite_v2.menu.exception.enabled=Enabled espresso_lite_v2.menu.exception.enabled.build.exception_flags=-fexceptions espresso_lite_v2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espresso_lite_v2.menu.ssl.all=All SSL ciphers +espresso_lite_v2.menu.ssl.all.build.sslflags= +espresso_lite_v2.menu.ssl.basic=Basic SSL ciphers +espresso_lite_v2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espresso_lite_v2.build.flash_mode=dio espresso_lite_v2.build.flash_flags=-DFLASHMODE_DIO espresso_lite_v2.build.flash_freq=40 @@ -1886,6 +1919,10 @@ phoenix_v1.menu.exception.disabled.build.stdcpp_lib=-lstdc++ phoenix_v1.menu.exception.enabled=Enabled phoenix_v1.menu.exception.enabled.build.exception_flags=-fexceptions phoenix_v1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +phoenix_v1.menu.ssl.all=All SSL ciphers +phoenix_v1.menu.ssl.all.build.sslflags= +phoenix_v1.menu.ssl.basic=Basic SSL ciphers +phoenix_v1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC phoenix_v1.build.flash_mode=dio phoenix_v1.build.flash_flags=-DFLASHMODE_DIO phoenix_v1.build.flash_freq=40 @@ -2073,6 +2110,10 @@ phoenix_v2.menu.exception.disabled.build.stdcpp_lib=-lstdc++ phoenix_v2.menu.exception.enabled=Enabled phoenix_v2.menu.exception.enabled.build.exception_flags=-fexceptions phoenix_v2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +phoenix_v2.menu.ssl.all=All SSL ciphers +phoenix_v2.menu.ssl.all.build.sslflags= +phoenix_v2.menu.ssl.basic=Basic SSL ciphers +phoenix_v2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC phoenix_v2.build.flash_mode=dio phoenix_v2.build.flash_flags=-DFLASHMODE_DIO phoenix_v2.build.flash_freq=40 
@@ -2260,6 +2301,10 @@ nodemcu.menu.exception.disabled.build.stdcpp_lib=-lstdc++ nodemcu.menu.exception.enabled=Enabled nodemcu.menu.exception.enabled.build.exception_flags=-fexceptions nodemcu.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +nodemcu.menu.ssl.all=All SSL ciphers +nodemcu.menu.ssl.all.build.sslflags= +nodemcu.menu.ssl.basic=Basic SSL ciphers +nodemcu.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC nodemcu.upload.resetmethod=nodemcu nodemcu.build.flash_mode=qio nodemcu.build.flash_flags=-DFLASHMODE_QIO @@ -2444,6 +2489,10 @@ nodemcuv2.menu.exception.disabled.build.stdcpp_lib=-lstdc++ nodemcuv2.menu.exception.enabled=Enabled nodemcuv2.menu.exception.enabled.build.exception_flags=-fexceptions nodemcuv2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +nodemcuv2.menu.ssl.all=All SSL ciphers +nodemcuv2.menu.ssl.all.build.sslflags= +nodemcuv2.menu.ssl.basic=Basic SSL ciphers +nodemcuv2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC nodemcuv2.upload.resetmethod=nodemcu nodemcuv2.build.flash_mode=dio nodemcuv2.build.flash_flags=-DFLASHMODE_DIO @@ -2628,6 +2677,10 @@ modwifi.menu.exception.disabled.build.stdcpp_lib=-lstdc++ modwifi.menu.exception.enabled=Enabled modwifi.menu.exception.enabled.build.exception_flags=-fexceptions modwifi.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +modwifi.menu.ssl.all=All SSL ciphers +modwifi.menu.ssl.all.build.sslflags= +modwifi.menu.ssl.basic=Basic SSL ciphers +modwifi.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC modwifi.upload.resetmethod=ck modwifi.build.flash_mode=qio modwifi.build.flash_flags=-DFLASHMODE_QIO 
@@ -2822,6 +2875,10 @@ thing.menu.exception.disabled.build.stdcpp_lib=-lstdc++ thing.menu.exception.enabled=Enabled thing.menu.exception.enabled.build.exception_flags=-fexceptions thing.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +thing.menu.ssl.all=All SSL ciphers +thing.menu.ssl.all.build.sslflags= +thing.menu.ssl.basic=Basic SSL ciphers +thing.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC thing.upload.resetmethod=ck thing.build.flash_mode=qio thing.build.flash_flags=-DFLASHMODE_QIO @@ -3006,6 +3063,10 @@ thingdev.menu.exception.disabled.build.stdcpp_lib=-lstdc++ thingdev.menu.exception.enabled=Enabled thingdev.menu.exception.enabled.build.exception_flags=-fexceptions thingdev.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +thingdev.menu.ssl.all=All SSL ciphers +thingdev.menu.ssl.all.build.sslflags= +thingdev.menu.ssl.basic=Basic SSL ciphers +thingdev.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC thingdev.upload.resetmethod=nodemcu thingdev.build.flash_mode=dio thingdev.build.flash_flags=-DFLASHMODE_DIO @@ -3190,6 +3251,10 @@ esp210.menu.exception.disabled.build.stdcpp_lib=-lstdc++ esp210.menu.exception.enabled=Enabled esp210.menu.exception.enabled.build.exception_flags=-fexceptions esp210.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +esp210.menu.ssl.all=All SSL ciphers +esp210.menu.ssl.all.build.sslflags= +esp210.menu.ssl.basic=Basic SSL ciphers +esp210.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC esp210.upload.resetmethod=ck esp210.build.flash_mode=qio esp210.build.flash_flags=-DFLASHMODE_QIO 
@@ -3374,6 +3439,10 @@ d1_mini.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1_mini.menu.exception.enabled=Enabled d1_mini.menu.exception.enabled.build.exception_flags=-fexceptions d1_mini.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +d1_mini.menu.ssl.all=All SSL ciphers +d1_mini.menu.ssl.all.build.sslflags= +d1_mini.menu.ssl.basic=Basic SSL ciphers +d1_mini.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1_mini.upload.resetmethod=nodemcu d1_mini.build.flash_mode=dio d1_mini.build.flash_flags=-DFLASHMODE_DIO @@ -3558,6 +3627,10 @@ d1_mini_pro.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1_mini_pro.menu.exception.enabled=Enabled d1_mini_pro.menu.exception.enabled.build.exception_flags=-fexceptions d1_mini_pro.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +d1_mini_pro.menu.ssl.all=All SSL ciphers +d1_mini_pro.menu.ssl.all.build.sslflags= +d1_mini_pro.menu.ssl.basic=Basic SSL ciphers +d1_mini_pro.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1_mini_pro.upload.resetmethod=nodemcu d1_mini_pro.build.flash_mode=dio d1_mini_pro.build.flash_flags=-DFLASHMODE_DIO @@ -3725,6 +3798,10 @@ d1_mini_lite.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1_mini_lite.menu.exception.enabled=Enabled d1_mini_lite.menu.exception.enabled.build.exception_flags=-fexceptions d1_mini_lite.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +d1_mini_lite.menu.ssl.all=All SSL ciphers +d1_mini_lite.menu.ssl.all.build.sslflags= +d1_mini_lite.menu.ssl.basic=Basic SSL ciphers +d1_mini_lite.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1_mini_lite.upload.resetmethod=nodemcu d1_mini_lite.build.flash_mode=dout d1_mini_lite.build.flash_flags=-DFLASHMODE_DOUT 
@@ -3949,6 +4026,10 @@ d1.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1.menu.exception.enabled=Enabled d1.menu.exception.enabled.build.exception_flags=-fexceptions d1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +d1.menu.ssl.all=All SSL ciphers +d1.menu.ssl.all.build.sslflags= +d1.menu.ssl.basic=Basic SSL ciphers +d1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1.upload.resetmethod=nodemcu d1.build.flash_mode=dio d1.build.flash_flags=-DFLASHMODE_DIO @@ -4133,6 +4214,10 @@ espino.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espino.menu.exception.enabled=Enabled espino.menu.exception.enabled.build.exception_flags=-fexceptions espino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espino.menu.ssl.all=All SSL ciphers +espino.menu.ssl.all.build.sslflags= +espino.menu.ssl.basic=Basic SSL ciphers +espino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espino.menu.ResetMethod.ck=ck espino.menu.ResetMethod.ck.upload.resetmethod=ck espino.menu.ResetMethod.nodemcu=nodemcu @@ -4320,6 +4405,10 @@ espinotee.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espinotee.menu.exception.enabled=Enabled espinotee.menu.exception.enabled.build.exception_flags=-fexceptions espinotee.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espinotee.menu.ssl.all=All SSL ciphers +espinotee.menu.ssl.all.build.sslflags= +espinotee.menu.ssl.basic=Basic SSL ciphers +espinotee.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espinotee.upload.resetmethod=nodemcu espinotee.build.flash_mode=qio espinotee.build.flash_flags=-DFLASHMODE_QIO 
@@ -4521,6 +4610,10 @@ wifinfo.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wifinfo.menu.exception.enabled=Enabled wifinfo.menu.exception.enabled.build.exception_flags=-fexceptions wifinfo.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +wifinfo.menu.ssl.all=All SSL ciphers +wifinfo.menu.ssl.all.build.sslflags= +wifinfo.menu.ssl.basic=Basic SSL ciphers +wifinfo.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wifinfo.upload.resetmethod=nodemcu wifinfo.build.flash_mode=qio wifinfo.build.flash_flags=-DFLASHMODE_QIO @@ -4760,6 +4853,10 @@ arduino-esp8266.menu.exception.disabled.build.stdcpp_lib=-lstdc++ arduino-esp8266.menu.exception.enabled=Enabled arduino-esp8266.menu.exception.enabled.build.exception_flags=-fexceptions arduino-esp8266.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +arduino-esp8266.menu.ssl.all=All SSL ciphers +arduino-esp8266.menu.ssl.all.build.sslflags= +arduino-esp8266.menu.ssl.basic=Basic SSL ciphers +arduino-esp8266.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC arduino-esp8266.upload.resetmethod=ck arduino-esp8266.build.flash_mode=qio arduino-esp8266.build.flash_flags=-DFLASHMODE_QIO @@ -4945,6 +5042,10 @@ gen4iod.menu.exception.disabled.build.stdcpp_lib=-lstdc++ gen4iod.menu.exception.enabled=Enabled gen4iod.menu.exception.enabled.build.exception_flags=-fexceptions gen4iod.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +gen4iod.menu.ssl.all=All SSL ciphers +gen4iod.menu.ssl.all.build.sslflags= +gen4iod.menu.ssl.basic=Basic SSL ciphers +gen4iod.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC gen4iod.upload.resetmethod=nodemcu gen4iod.build.flash_mode=dio gen4iod.build.flash_flags=-DFLASHMODE_DIO 
@@ -5130,6 +5231,10 @@ oak.menu.exception.disabled.build.stdcpp_lib=-lstdc++ oak.menu.exception.enabled=Enabled oak.menu.exception.enabled.build.exception_flags=-fexceptions oak.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +oak.menu.ssl.all=All SSL ciphers +oak.menu.ssl.all.build.sslflags= +oak.menu.ssl.basic=Basic SSL ciphers +oak.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC oak.upload.resetmethod=none oak.build.flash_mode=dio oak.build.flash_flags=-DFLASHMODE_DIO @@ -5314,6 +5419,10 @@ wifiduino.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wifiduino.menu.exception.enabled=Enabled wifiduino.menu.exception.enabled.build.exception_flags=-fexceptions wifiduino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +wifiduino.menu.ssl.all=All SSL ciphers +wifiduino.menu.ssl.all.build.sslflags= +wifiduino.menu.ssl.basic=Basic SSL ciphers +wifiduino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wifiduino.upload.resetmethod=nodemcu wifiduino.build.flash_mode=dio wifiduino.build.flash_flags=-DFLASHMODE_DIO @@ -5498,6 +5607,10 @@ wifi_slot.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wifi_slot.menu.exception.enabled=Enabled wifi_slot.menu.exception.enabled.build.exception_flags=-fexceptions wifi_slot.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +wifi_slot.menu.ssl.all=All SSL ciphers +wifi_slot.menu.ssl.all.build.sslflags= +wifi_slot.menu.ssl.basic=Basic SSL ciphers +wifi_slot.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wifi_slot.upload.resetmethod=nodemcu wifi_slot.menu.FlashFreq.40=40MHz wifi_slot.menu.FlashFreq.40.build.flash_freq=40 
@@ -5782,6 +5895,10 @@ wiolink.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wiolink.menu.exception.enabled=Enabled wiolink.menu.exception.enabled.build.exception_flags=-fexceptions wiolink.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +wiolink.menu.ssl.all=All SSL ciphers +wiolink.menu.ssl.all.build.sslflags= +wiolink.menu.ssl.basic=Basic SSL ciphers +wiolink.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wiolink.upload.resetmethod=nodemcu wiolink.build.flash_mode=qio wiolink.build.flash_flags=-DFLASHMODE_QIO @@ -5966,6 +6083,10 @@ espectro.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espectro.menu.exception.enabled=Enabled espectro.menu.exception.enabled.build.exception_flags=-fexceptions espectro.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espectro.menu.ssl.all=All SSL ciphers +espectro.menu.ssl.all.build.sslflags= +espectro.menu.ssl.basic=Basic SSL ciphers +espectro.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espectro.upload.resetmethod=nodemcu espectro.build.flash_mode=dio espectro.build.flash_flags=-DFLASHMODE_DIO diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp index 4a2a68363f..6dd3896c53 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp @@ -744,6 +744,7 @@ extern "C" { * strong enough, and AES-256 is 40% more expensive). */ static const uint16_t suites_P[] PROGMEM = { +#ifndef BEARSSL_SSL_BASIC BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
@@ -780,15 +781,18 @@ extern "C" { BR_TLS_RSA_WITH_AES_256_CCM, BR_TLS_RSA_WITH_AES_128_CCM_8, BR_TLS_RSA_WITH_AES_256_CCM_8, +#endif BR_TLS_RSA_WITH_AES_128_CBC_SHA256, BR_TLS_RSA_WITH_AES_256_CBC_SHA256, BR_TLS_RSA_WITH_AES_128_CBC_SHA, BR_TLS_RSA_WITH_AES_256_CBC_SHA, +#ifndef BEARSSL_SSL_BASIC BR_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, BR_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, BR_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, BR_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA +#endif }; // For apps which want to use less secure but faster ciphers, only @@ -826,16 +830,20 @@ extern "C" { br_ssl_engine_set_suites(&cc->eng, suites, (sizeof suites) / (sizeof suites[0])); br_ssl_client_set_default_rsapub(cc); br_ssl_engine_set_default_rsavrfy(&cc->eng); +#ifndef BEARSSL_SSL_BASIC br_ssl_engine_set_default_ecdsa(&cc->eng); +#endif br_ssl_client_install_hashes(&cc->eng); br_ssl_engine_set_prf10(&cc->eng, &br_tls10_prf); br_ssl_engine_set_prf_sha256(&cc->eng, &br_tls12_sha256_prf); br_ssl_engine_set_prf_sha384(&cc->eng, &br_tls12_sha384_prf); br_ssl_engine_set_default_aes_cbc(&cc->eng); +#ifndef BEARSSL_SSL_BASIC br_ssl_engine_set_default_aes_gcm(&cc->eng); br_ssl_engine_set_default_aes_ccm(&cc->eng); br_ssl_engine_set_default_des_cbc(&cc->eng); br_ssl_engine_set_default_chapol(&cc->eng); +#endif } } @@ -882,7 +890,14 @@ bool WiFiClientSecure::_installClientX509Validator() { if (_knownkey->isRSA()) { br_x509_knownkey_init_rsa(_x509_knownkey.get(), _knownkey->getRSA(), _knownkey_usages); } else if (_knownkey->isEC()) { +#ifndef BEARSSL_SSL_BASIC br_x509_knownkey_init_ec(_x509_knownkey.get(), _knownkey->getEC(), _knownkey_usages); +#else + (void) _knownkey; + (void) _knownkey_usages; + DEBUG_BSSL("_installClientX509Validator: Attempting to use EC keys in minimal cipher mode (no EC)\n"); + return false; +#endif } br_ssl_engine_set_x509(_eng, &_x509_knownkey->vtable); } else { 
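Review bot: With `BEARSSL_SSL_BASIC` defined, the only entries left in `suites_P` are the four `BR_TLS_RSA_WITH_AES_*_CBC_SHA*` suites, and nothing in the array records what that costs. All four use static RSA key exchange, so there is no forward secrecy, and all are CBC-mode with no AEAD alternative. The commit message covers ROM and speed, but the code itself does not state the security trade. I would add a comment next to the `#endif` that precedes `BR_TLS_RSA_WITH_AES_128_CBC_SHA256`, for example `// BEARSSL_SSL_BASIC: RSA key exchange + AES-CBC only; no forward secrecy, no AEAD. Chosen for ROM size, not strength.` The array's opening and its explanatory comment sit in the previous hunk.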
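Review bot: In the `BEARSSL_SSL_BASIC` build the engine is left without ECDSA, AES-GCM, AES-CCM, 3DES and ChaCha20-Poly1305 implementations, yet the suite list is still whatever reaches `br_ssl_engine_set_suites`. That is consistent for the default `suites_P`. If the class lets a sketch install its own suite list elsewhere (not visible in this hunk), the engine could advertise a suite it has no implementation for. A comment at the first added `#ifndef` would make the coupling explicit, e.g. `// Must stay in sync with suites_P: only suites backed by the implementations installed here may be offered`, and any setter for custom suites should reject entries outside the basic set in this mode. The enclosing function starts before this hunk.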
@@ -894,7 +909,9 @@ bool WiFiClientSecure::_installClientX509Validator() { } br_x509_minimal_init(_x509_minimal.get(), &br_sha256_vtable, _ta ? _ta->getTrustAnchors() : nullptr, _ta ? _ta->getCount() : 0); br_x509_minimal_set_rsa(_x509_minimal.get(), br_ssl_engine_get_rsavrfy(_eng)); +#ifndef BEARSSL_SSL_BASIC br_x509_minimal_set_ecdsa(_x509_minimal.get(), br_ssl_engine_get_ec(_eng), br_ssl_engine_get_ecdsa(_eng)); +#endif br_x509_minimal_install_hashes(_x509_minimal.get()); if (_now) { // Magic constants convert to x509 times @@ -953,9 +970,15 @@ bool WiFiClientSecure::_connectSSL(const char* hostName) { br_ssl_client_set_single_rsa(_sc.get(), _chain ? _chain->getX509Certs() : nullptr, _chain ? _chain->getCount() : 0, _sk->getRSA(), br_rsa_pkcs1_sign_get_default()); } else if (_sk && _sk->isEC()) { +#ifndef BEARSSL_SSL_BASIC br_ssl_client_set_single_ec(_sc.get(), _chain ? _chain->getX509Certs() : nullptr, _chain ? _chain->getCount() : 0, _sk->getEC(), _allowed_usages, _cert_issuer_key_type, br_ec_get_default(), br_ecdsa_sign_asn1_get_default()); +#else + _freeSSL(); + DEBUG_BSSL("_connectSSL: Attempting to use EC cert in minimal cipher mode (no EC)\n"); + return false; +#endif } // Restore session from the storage spot, if present @@ -997,9 +1020,13 @@ bool WiFiClientSecure::_installServerX509Validator(const X509List *client_CA_ta) } br_x509_minimal_init(_x509_minimal.get(), &br_sha256_vtable, _ta->getTrustAnchors(), _ta->getCount()); br_ssl_engine_set_default_rsavrfy(_eng); +#ifndef BEARSSL_SSL_BASIC br_ssl_engine_set_default_ecdsa(_eng); +#endif br_x509_minimal_set_rsa(_x509_minimal.get(), br_ssl_engine_get_rsavrfy(_eng)); +#ifndef BEARSSL_SSL_BASIC br_x509_minimal_set_ecdsa(_x509_minimal.get(), br_ssl_engine_get_ec(_eng), br_ssl_engine_get_ecdsa(_eng)); +#endif br_x509_minimal_install_hashes(_x509_minimal.get()); if (_now) { // Magic constants convert to x509 times 
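Review bot: Skipping `br_x509_minimal_set_ecdsa` means the validator cannot check any ECDSA signature in a chain, which affects more than EC leaf certificates: an RSA server certificate issued by an ECDSA intermediate or root would also fail to validate in `BEARSSL_SSL_BASIC` mode. This most likely fails closed (the chain is rejected rather than accepted), but that should be confirmed and written down, because an unexplained validation failure tends to be "fixed" by switching validation off. Suggested comment on the guarded line: `// BASIC mode: no ECDSA verifier installed, so chains containing any EC-signed certificate are rejected`. The same applies to the matching guard in `_installServerX509Validator` (the `@@ -997` hunk). Both functions continue outside their hunks.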
@@ -1048,6 +1075,7 @@ bool WiFiClientSecure::_connectSSLServerRSA(const X509List *chain, bool WiFiClientSecure::_connectSSLServerEC(const X509List *chain, unsigned cert_issuer_key_type, const PrivateKey *sk, const X509List *client_CA_ta) { +#ifndef BEARSSL_SSL_BASIC _freeSSL(); _oom_err = false; _sc_svr = std::make_shared(); @@ -1076,6 +1104,13 @@ bool WiFiClientSecure::_connectSSLServerEC(const X509List *chain, } return _wait_for_handshake(); +#else + (void) chain; + (void) sk; + (void) client_CA_ta; + DEBUG_BSSL("_connectSSLServerEC: Attempting to use EC cert in minimal cipher mode (no EC)\n"); + return false; +#endif } // Returns an error ID and possibly a string (if dest != null) of the last diff --git a/package/package_esp8266com_index.template.json b/package/package_esp8266com_index.template.json index 387f636c17..ec2314f7e1 100644 --- a/package/package_esp8266com_index.template.json +++ b/package/package_esp8266com_index.template.json @@ -299,4 +299,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/platform.txt b/platform.txt index 706d5b9c86..363bf020d1 100644 --- a/platform.txt +++ b/platform.txt 
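Review bot: The `#else` branch of `_connectSSLServerEC` returns `false` without calling `_freeSSL()`, while the normal path starts with `_freeSSL(); _oom_err = false;` and the equivalent rejection in `_connectSSL` does call `_freeSSL()` before returning. If the object already holds TLS state from an earlier connection, the basic-mode path leaves it in place, so the two builds differ in what a failed call leaves behind. I would add `_freeSSL();` as the first statement of the `#else` branch. Separately, the refusal is reported only through `DEBUG_BSSL`, which presumably compiles to nothing in non-debug builds, so callers see a bare `false` with no reason. The function body spans the previous hunk and this one.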
@@ -44,7 +44,7 @@ compiler.libc.path={runtime.platform.path}/tools/sdk/libc/xtensa-lx106-elf compiler.cpreprocessor.flags=-D__ets__ -DICACHE_FLASH -U__STRICT_ANSI__ "-I{compiler.sdk.path}/include" "-I{compiler.sdk.path}/{build.lwip_include}" "-I{compiler.libc.path}/include" "-I{build.path}/core" compiler.c.cmd=xtensa-lx106-elf-gcc -compiler.c.flags=-c {compiler.warning_flags} -Os -g -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mtext-section-literals -falign-functions=4 -MMD -std=gnu99 -ffunction-sections -fdata-sections {build.exception_flags} +compiler.c.flags=-c {compiler.warning_flags} -Os -g -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mtext-section-literals -falign-functions=4 -MMD -std=gnu99 -ffunction-sections -fdata-sections {build.exception_flags} {build.sslflags} compiler.S.cmd=xtensa-lx106-elf-gcc compiler.S.flags=-c -g -x assembler-with-cpp -MMD -mlongcalls @@ -55,7 +55,7 @@ compiler.c.elf.cmd=xtensa-lx106-elf-gcc compiler.c.elf.libs=-lhal -lphy -lpp -lnet80211 {build.lwip_lib} -lwpa -lcrypto -lmain -lwps -lbearssl -laxtls -lespnow -lsmartconfig -lairkiss -lwpa2 {build.stdcpp_lib} -lm -lc -lgcc compiler.cpp.cmd=xtensa-lx106-elf-g++ -compiler.cpp.flags=-c {compiler.warning_flags} -Os -g -mlongcalls -mtext-section-literals -fno-rtti -falign-functions=4 -std=c++11 -MMD -ffunction-sections -fdata-sections {build.exception_flags} +compiler.cpp.flags=-c {compiler.warning_flags} -Os -g -mlongcalls -mtext-section-literals -fno-rtti -falign-functions=4 -std=c++11 -MMD -ffunction-sections -fdata-sections {build.exception_flags} {build.sslflags} compiler.as.cmd=xtensa-lx106-elf-as diff --git a/tools/boards.txt.py b/tools/boards.txt.py index fd9605116a..60cd2abed9 100755 --- a/tools/boards.txt.py +++ b/tools/boards.txt.py 
@@ -1074,6 +1074,15 @@ ( '.menu.wipe.all.upload.erase_cmd', 'erase_flash' ), ]), + ######################## SSL supported protocols + + 'ssl_cipher_menu': collections.OrderedDict([ + ( '.menu.ssl.all', 'All SSL ciphers' ), + ( '.menu.ssl.all.build.sslflags', ''), + ( '.menu.ssl.basic', 'Basic SSL ciphers' ), + ( '.menu.ssl.basic.build.sslflags', '-DBEARSSL_SSL_BASIC'), + ]), + } ################################################################ @@ -1384,6 +1393,7 @@ def all_boards (): print('menu.led=Builtin Led') print('menu.wipe=Erase Flash') print('menu.sdk=Espressif FW') + print('menu.ssl=SSL Support') print('') for id in boards: @@ -1397,7 +1407,7 @@ def all_boards (): print(id + optname + '=' + board['opts'][optname]) # macros - macrolist = [ 'defaults', 'cpufreq_menu', 'vtable_menu', 'exception_menu' ] + macrolist = [ 'defaults', 'cpufreq_menu', 'vtable_menu', 'exception_menu', 'ssl_cipher_menu' ] if 'macro' in board: macrolist += board['macro'] if lwip == 2: From ccbf23b7ace5c1c52188623f734de1319f81151b Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Mon, 22 Apr 2019 14:02:33 -0700 Subject: [PATCH 2/4] Add default SSLFLAGS(blank) to platform.txt --- platform.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/platform.txt b/platform.txt index 363bf020d1..2ba6dfefa0 100644 --- a/platform.txt +++ b/platform.txt @@ -30,6 +30,8 @@ build.lwip_flags=-DLWIP_OPEN_SRC build.vtable_flags=-DVTABLES_IN_FLASH +build.sslflags= + build.exception_flags=-fno-exceptions build.stdcpp_lib=-lstdc++ From b72c0d62a5cc57615aa095c94af5264a750b635d Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Mon, 22 Apr 2019 14:08:32 -0700 Subject: [PATCH 3/4] Fix unused variable warning --- libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp index 6dd3896c53..e2f35b51ed 100644 
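Review bot: The section banner `SSL supported protocols` does not match what the entries do: `.menu.ssl.*` selects a cipher-suite set through `-DBEARSSL_SSL_BASIC`, not a protocol version. Neither the banner nor the labels say that the basic choice removes the EC key-exchange and AEAD suites (see the `suites_P` change in WiFiClientSecureBearSSL.cpp). Since boards.txt is generated from this table, this is the place to document it. Suggested banner: `######################## SSL cipher suite selection (basic = RSA key exchange + AES-CBC only, smaller ROM)`. The dictionary these entries belong to opens outside the hunk.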
--- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp @@ -1106,6 +1106,7 @@ bool WiFiClientSecure::_connectSSLServerEC(const X509List *chain, return _wait_for_handshake(); #else (void) chain; + (void) cert_issuer_key_type; (void) sk; (void) client_CA_ta; DEBUG_BSSL("_connectSSLServerEC: Attempting to use EC cert in minimal cipher mode (no EC)\n"); From 5597e9905aa5d25555cca2cebd4e6e4e042bc80b Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Thu, 25 Apr 2019 07:47:58 -0700 Subject: [PATCH 4/4] Add clarifying comment to menu items --- boards.txt | 120 ++++++++++++++++++++++---------------------- tools/boards.txt.py | 4 +- 2 files changed, 62 insertions(+), 62 deletions(-) diff --git a/boards.txt b/boards.txt index 0ebb37d516..083b5e740a 100644 --- a/boards.txt +++ b/boards.txt @@ -54,9 +54,9 @@ generic.menu.exception.disabled.build.stdcpp_lib=-lstdc++ generic.menu.exception.enabled=Enabled generic.menu.exception.enabled.build.exception_flags=-fexceptions generic.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -generic.menu.ssl.all=All SSL ciphers +generic.menu.ssl.all=All SSL ciphers (most compatible) generic.menu.ssl.all.build.sslflags= -generic.menu.ssl.basic=Basic SSL ciphers +generic.menu.ssl.basic=Basic SSL ciphers (lower ROM use) generic.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC generic.menu.ResetMethod.ck=ck generic.menu.ResetMethod.ck.upload.resetmethod=ck 
@@ -504,9 +504,9 @@ esp8285.menu.exception.disabled.build.stdcpp_lib=-lstdc++ esp8285.menu.exception.enabled=Enabled esp8285.menu.exception.enabled.build.exception_flags=-fexceptions esp8285.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -esp8285.menu.ssl.all=All SSL ciphers +esp8285.menu.ssl.all=All SSL ciphers (most compatible) esp8285.menu.ssl.all.build.sslflags= -esp8285.menu.ssl.basic=Basic SSL ciphers +esp8285.menu.ssl.basic=Basic SSL ciphers (lower ROM use) esp8285.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC esp8285.menu.ResetMethod.ck=ck esp8285.menu.ResetMethod.ck.upload.resetmethod=ck @@ -783,9 +783,9 @@ espduino.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espduino.menu.exception.enabled=Enabled espduino.menu.exception.enabled.build.exception_flags=-fexceptions espduino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -espduino.menu.ssl.all=All SSL ciphers +espduino.menu.ssl.all=All SSL ciphers (most compatible) espduino.menu.ssl.all.build.sslflags= -espduino.menu.ssl.basic=Basic SSL ciphers +espduino.menu.ssl.basic=Basic SSL ciphers (lower ROM use) espduino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espduino.build.flash_mode=dio espduino.build.flash_flags=-DFLASHMODE_DIO @@ -970,9 +970,9 @@ huzzah.menu.exception.disabled.build.stdcpp_lib=-lstdc++ huzzah.menu.exception.enabled=Enabled huzzah.menu.exception.enabled.build.exception_flags=-fexceptions huzzah.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -huzzah.menu.ssl.all=All SSL ciphers +huzzah.menu.ssl.all=All SSL ciphers (most compatible) huzzah.menu.ssl.all.build.sslflags= -huzzah.menu.ssl.basic=Basic SSL ciphers +huzzah.menu.ssl.basic=Basic SSL ciphers (lower ROM use) huzzah.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC huzzah.upload.resetmethod=nodemcu huzzah.build.flash_mode=qio 
@@ -1158,9 +1158,9 @@ inventone.menu.exception.disabled.build.stdcpp_lib=-lstdc++ inventone.menu.exception.enabled=Enabled inventone.menu.exception.enabled.build.exception_flags=-fexceptions inventone.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -inventone.menu.ssl.all=All SSL ciphers +inventone.menu.ssl.all=All SSL ciphers (most compatible) inventone.menu.ssl.all.build.sslflags= -inventone.menu.ssl.basic=Basic SSL ciphers +inventone.menu.ssl.basic=Basic SSL ciphers (lower ROM use) inventone.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC inventone.upload.resetmethod=nodemcu inventone.build.flash_mode=dio @@ -1346,9 +1346,9 @@ cw01.menu.exception.disabled.build.stdcpp_lib=-lstdc++ cw01.menu.exception.enabled=Enabled cw01.menu.exception.enabled.build.exception_flags=-fexceptions cw01.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -cw01.menu.ssl.all=All SSL ciphers +cw01.menu.ssl.all=All SSL ciphers (most compatible) cw01.menu.ssl.all.build.sslflags= -cw01.menu.ssl.basic=Basic SSL ciphers +cw01.menu.ssl.basic=Basic SSL ciphers (lower ROM use) cw01.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC cw01.upload.resetmethod=nodemcu cw01.menu.CrystalFreq.26=26 MHz @@ -1537,9 +1537,9 @@ espresso_lite_v1.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espresso_lite_v1.menu.exception.enabled=Enabled espresso_lite_v1.menu.exception.enabled.build.exception_flags=-fexceptions espresso_lite_v1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -espresso_lite_v1.menu.ssl.all=All SSL ciphers +espresso_lite_v1.menu.ssl.all=All SSL ciphers (most compatible) espresso_lite_v1.menu.ssl.all.build.sslflags= -espresso_lite_v1.menu.ssl.basic=Basic SSL ciphers +espresso_lite_v1.menu.ssl.basic=Basic SSL ciphers (lower ROM use) espresso_lite_v1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espresso_lite_v1.build.flash_mode=dio espresso_lite_v1.build.flash_flags=-DFLASHMODE_DIO 
@@ -1728,9 +1728,9 @@ espresso_lite_v2.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espresso_lite_v2.menu.exception.enabled=Enabled espresso_lite_v2.menu.exception.enabled.build.exception_flags=-fexceptions espresso_lite_v2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -espresso_lite_v2.menu.ssl.all=All SSL ciphers +espresso_lite_v2.menu.ssl.all=All SSL ciphers (most compatible) espresso_lite_v2.menu.ssl.all.build.sslflags= -espresso_lite_v2.menu.ssl.basic=Basic SSL ciphers +espresso_lite_v2.menu.ssl.basic=Basic SSL ciphers (lower ROM use) espresso_lite_v2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espresso_lite_v2.build.flash_mode=dio espresso_lite_v2.build.flash_flags=-DFLASHMODE_DIO @@ -1919,9 +1919,9 @@ phoenix_v1.menu.exception.disabled.build.stdcpp_lib=-lstdc++ phoenix_v1.menu.exception.enabled=Enabled phoenix_v1.menu.exception.enabled.build.exception_flags=-fexceptions phoenix_v1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -phoenix_v1.menu.ssl.all=All SSL ciphers +phoenix_v1.menu.ssl.all=All SSL ciphers (most compatible) phoenix_v1.menu.ssl.all.build.sslflags= -phoenix_v1.menu.ssl.basic=Basic SSL ciphers +phoenix_v1.menu.ssl.basic=Basic SSL ciphers (lower ROM use) phoenix_v1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC phoenix_v1.build.flash_mode=dio phoenix_v1.build.flash_flags=-DFLASHMODE_DIO @@ -2110,9 +2110,9 @@ phoenix_v2.menu.exception.disabled.build.stdcpp_lib=-lstdc++ phoenix_v2.menu.exception.enabled=Enabled phoenix_v2.menu.exception.enabled.build.exception_flags=-fexceptions phoenix_v2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -phoenix_v2.menu.ssl.all=All SSL ciphers +phoenix_v2.menu.ssl.all=All SSL ciphers (most compatible) phoenix_v2.menu.ssl.all.build.sslflags= -phoenix_v2.menu.ssl.basic=Basic SSL ciphers +phoenix_v2.menu.ssl.basic=Basic SSL ciphers (lower ROM use) phoenix_v2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC phoenix_v2.build.flash_mode=dio phoenix_v2.build.flash_flags=-DFLASHMODE_DIO 
@@ -2301,9 +2301,9 @@ nodemcu.menu.exception.disabled.build.stdcpp_lib=-lstdc++ nodemcu.menu.exception.enabled=Enabled nodemcu.menu.exception.enabled.build.exception_flags=-fexceptions nodemcu.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -nodemcu.menu.ssl.all=All SSL ciphers +nodemcu.menu.ssl.all=All SSL ciphers (most compatible) nodemcu.menu.ssl.all.build.sslflags= -nodemcu.menu.ssl.basic=Basic SSL ciphers +nodemcu.menu.ssl.basic=Basic SSL ciphers (lower ROM use) nodemcu.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC nodemcu.upload.resetmethod=nodemcu nodemcu.build.flash_mode=qio @@ -2489,9 +2489,9 @@ nodemcuv2.menu.exception.disabled.build.stdcpp_lib=-lstdc++ nodemcuv2.menu.exception.enabled=Enabled nodemcuv2.menu.exception.enabled.build.exception_flags=-fexceptions nodemcuv2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -nodemcuv2.menu.ssl.all=All SSL ciphers +nodemcuv2.menu.ssl.all=All SSL ciphers (most compatible) nodemcuv2.menu.ssl.all.build.sslflags= -nodemcuv2.menu.ssl.basic=Basic SSL ciphers +nodemcuv2.menu.ssl.basic=Basic SSL ciphers (lower ROM use) nodemcuv2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC nodemcuv2.upload.resetmethod=nodemcu nodemcuv2.build.flash_mode=dio @@ -2677,9 +2677,9 @@ modwifi.menu.exception.disabled.build.stdcpp_lib=-lstdc++ modwifi.menu.exception.enabled=Enabled modwifi.menu.exception.enabled.build.exception_flags=-fexceptions modwifi.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -modwifi.menu.ssl.all=All SSL ciphers +modwifi.menu.ssl.all=All SSL ciphers (most compatible) modwifi.menu.ssl.all.build.sslflags= -modwifi.menu.ssl.basic=Basic SSL ciphers +modwifi.menu.ssl.basic=Basic SSL ciphers (lower ROM use) modwifi.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC modwifi.upload.resetmethod=ck modwifi.build.flash_mode=qio 
@@ -2875,9 +2875,9 @@ thing.menu.exception.disabled.build.stdcpp_lib=-lstdc++ thing.menu.exception.enabled=Enabled thing.menu.exception.enabled.build.exception_flags=-fexceptions thing.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -thing.menu.ssl.all=All SSL ciphers +thing.menu.ssl.all=All SSL ciphers (most compatible) thing.menu.ssl.all.build.sslflags= -thing.menu.ssl.basic=Basic SSL ciphers +thing.menu.ssl.basic=Basic SSL ciphers (lower ROM use) thing.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC thing.upload.resetmethod=ck thing.build.flash_mode=qio @@ -3063,9 +3063,9 @@ thingdev.menu.exception.disabled.build.stdcpp_lib=-lstdc++ thingdev.menu.exception.enabled=Enabled thingdev.menu.exception.enabled.build.exception_flags=-fexceptions thingdev.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -thingdev.menu.ssl.all=All SSL ciphers +thingdev.menu.ssl.all=All SSL ciphers (most compatible) thingdev.menu.ssl.all.build.sslflags= -thingdev.menu.ssl.basic=Basic SSL ciphers +thingdev.menu.ssl.basic=Basic SSL ciphers (lower ROM use) thingdev.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC thingdev.upload.resetmethod=nodemcu thingdev.build.flash_mode=dio @@ -3251,9 +3251,9 @@ esp210.menu.exception.disabled.build.stdcpp_lib=-lstdc++ esp210.menu.exception.enabled=Enabled esp210.menu.exception.enabled.build.exception_flags=-fexceptions esp210.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -esp210.menu.ssl.all=All SSL ciphers +esp210.menu.ssl.all=All SSL ciphers (most compatible) esp210.menu.ssl.all.build.sslflags= -esp210.menu.ssl.basic=Basic SSL ciphers +esp210.menu.ssl.basic=Basic SSL ciphers (lower ROM use) esp210.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC esp210.upload.resetmethod=ck esp210.build.flash_mode=qio 
@@ -3439,9 +3439,9 @@ d1_mini.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1_mini.menu.exception.enabled=Enabled d1_mini.menu.exception.enabled.build.exception_flags=-fexceptions d1_mini.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -d1_mini.menu.ssl.all=All SSL ciphers +d1_mini.menu.ssl.all=All SSL ciphers (most compatible) d1_mini.menu.ssl.all.build.sslflags= -d1_mini.menu.ssl.basic=Basic SSL ciphers +d1_mini.menu.ssl.basic=Basic SSL ciphers (lower ROM use) d1_mini.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1_mini.upload.resetmethod=nodemcu d1_mini.build.flash_mode=dio @@ -3627,9 +3627,9 @@ d1_mini_pro.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1_mini_pro.menu.exception.enabled=Enabled d1_mini_pro.menu.exception.enabled.build.exception_flags=-fexceptions d1_mini_pro.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -d1_mini_pro.menu.ssl.all=All SSL ciphers +d1_mini_pro.menu.ssl.all=All SSL ciphers (most compatible) d1_mini_pro.menu.ssl.all.build.sslflags= -d1_mini_pro.menu.ssl.basic=Basic SSL ciphers +d1_mini_pro.menu.ssl.basic=Basic SSL ciphers (lower ROM use) d1_mini_pro.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1_mini_pro.upload.resetmethod=nodemcu d1_mini_pro.build.flash_mode=dio @@ -3798,9 +3798,9 @@ d1_mini_lite.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1_mini_lite.menu.exception.enabled=Enabled d1_mini_lite.menu.exception.enabled.build.exception_flags=-fexceptions d1_mini_lite.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -d1_mini_lite.menu.ssl.all=All SSL ciphers +d1_mini_lite.menu.ssl.all=All SSL ciphers (most compatible) d1_mini_lite.menu.ssl.all.build.sslflags= -d1_mini_lite.menu.ssl.basic=Basic SSL ciphers +d1_mini_lite.menu.ssl.basic=Basic SSL ciphers (lower ROM use) d1_mini_lite.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1_mini_lite.upload.resetmethod=nodemcu d1_mini_lite.build.flash_mode=dout 
@@ -4026,9 +4026,9 @@ d1.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1.menu.exception.enabled=Enabled d1.menu.exception.enabled.build.exception_flags=-fexceptions d1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -d1.menu.ssl.all=All SSL ciphers +d1.menu.ssl.all=All SSL ciphers (most compatible) d1.menu.ssl.all.build.sslflags= -d1.menu.ssl.basic=Basic SSL ciphers +d1.menu.ssl.basic=Basic SSL ciphers (lower ROM use) d1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1.upload.resetmethod=nodemcu d1.build.flash_mode=dio @@ -4214,9 +4214,9 @@ espino.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espino.menu.exception.enabled=Enabled espino.menu.exception.enabled.build.exception_flags=-fexceptions espino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -espino.menu.ssl.all=All SSL ciphers +espino.menu.ssl.all=All SSL ciphers (most compatible) espino.menu.ssl.all.build.sslflags= -espino.menu.ssl.basic=Basic SSL ciphers +espino.menu.ssl.basic=Basic SSL ciphers (lower ROM use) espino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espino.menu.ResetMethod.ck=ck espino.menu.ResetMethod.ck.upload.resetmethod=ck @@ -4405,9 +4405,9 @@ espinotee.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espinotee.menu.exception.enabled=Enabled espinotee.menu.exception.enabled.build.exception_flags=-fexceptions espinotee.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -espinotee.menu.ssl.all=All SSL ciphers +espinotee.menu.ssl.all=All SSL ciphers (most compatible) espinotee.menu.ssl.all.build.sslflags= -espinotee.menu.ssl.basic=Basic SSL ciphers +espinotee.menu.ssl.basic=Basic SSL ciphers (lower ROM use) espinotee.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espinotee.upload.resetmethod=nodemcu espinotee.build.flash_mode=qio 
@@ -4610,9 +4610,9 @@ wifinfo.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wifinfo.menu.exception.enabled=Enabled wifinfo.menu.exception.enabled.build.exception_flags=-fexceptions wifinfo.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -wifinfo.menu.ssl.all=All SSL ciphers +wifinfo.menu.ssl.all=All SSL ciphers (most compatible) wifinfo.menu.ssl.all.build.sslflags= -wifinfo.menu.ssl.basic=Basic SSL ciphers +wifinfo.menu.ssl.basic=Basic SSL ciphers (lower ROM use) wifinfo.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wifinfo.upload.resetmethod=nodemcu wifinfo.build.flash_mode=qio @@ -4853,9 +4853,9 @@ arduino-esp8266.menu.exception.disabled.build.stdcpp_lib=-lstdc++ arduino-esp8266.menu.exception.enabled=Enabled arduino-esp8266.menu.exception.enabled.build.exception_flags=-fexceptions arduino-esp8266.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -arduino-esp8266.menu.ssl.all=All SSL ciphers +arduino-esp8266.menu.ssl.all=All SSL ciphers (most compatible) arduino-esp8266.menu.ssl.all.build.sslflags= -arduino-esp8266.menu.ssl.basic=Basic SSL ciphers +arduino-esp8266.menu.ssl.basic=Basic SSL ciphers (lower ROM use) arduino-esp8266.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC arduino-esp8266.upload.resetmethod=ck arduino-esp8266.build.flash_mode=qio @@ -5042,9 +5042,9 @@ gen4iod.menu.exception.disabled.build.stdcpp_lib=-lstdc++ gen4iod.menu.exception.enabled=Enabled gen4iod.menu.exception.enabled.build.exception_flags=-fexceptions gen4iod.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -gen4iod.menu.ssl.all=All SSL ciphers +gen4iod.menu.ssl.all=All SSL ciphers (most compatible) gen4iod.menu.ssl.all.build.sslflags= -gen4iod.menu.ssl.basic=Basic SSL ciphers +gen4iod.menu.ssl.basic=Basic SSL ciphers (lower ROM use) gen4iod.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC gen4iod.upload.resetmethod=nodemcu gen4iod.build.flash_mode=dio 
@@ -5231,9 +5231,9 @@ oak.menu.exception.disabled.build.stdcpp_lib=-lstdc++ oak.menu.exception.enabled=Enabled oak.menu.exception.enabled.build.exception_flags=-fexceptions oak.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -oak.menu.ssl.all=All SSL ciphers +oak.menu.ssl.all=All SSL ciphers (most compatible) oak.menu.ssl.all.build.sslflags= -oak.menu.ssl.basic=Basic SSL ciphers +oak.menu.ssl.basic=Basic SSL ciphers (lower ROM use) oak.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC oak.upload.resetmethod=none oak.build.flash_mode=dio @@ -5419,9 +5419,9 @@ wifiduino.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wifiduino.menu.exception.enabled=Enabled wifiduino.menu.exception.enabled.build.exception_flags=-fexceptions wifiduino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -wifiduino.menu.ssl.all=All SSL ciphers +wifiduino.menu.ssl.all=All SSL ciphers (most compatible) wifiduino.menu.ssl.all.build.sslflags= -wifiduino.menu.ssl.basic=Basic SSL ciphers +wifiduino.menu.ssl.basic=Basic SSL ciphers (lower ROM use) wifiduino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wifiduino.upload.resetmethod=nodemcu wifiduino.build.flash_mode=dio @@ -5607,9 +5607,9 @@ wifi_slot.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wifi_slot.menu.exception.enabled=Enabled wifi_slot.menu.exception.enabled.build.exception_flags=-fexceptions wifi_slot.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -wifi_slot.menu.ssl.all=All SSL ciphers +wifi_slot.menu.ssl.all=All SSL ciphers (most compatible) wifi_slot.menu.ssl.all.build.sslflags= -wifi_slot.menu.ssl.basic=Basic SSL ciphers +wifi_slot.menu.ssl.basic=Basic SSL ciphers (lower ROM use) wifi_slot.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wifi_slot.upload.resetmethod=nodemcu wifi_slot.menu.FlashFreq.40=40MHz 
@@ -5895,9 +5895,9 @@ wiolink.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wiolink.menu.exception.enabled=Enabled wiolink.menu.exception.enabled.build.exception_flags=-fexceptions wiolink.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -wiolink.menu.ssl.all=All SSL ciphers +wiolink.menu.ssl.all=All SSL ciphers (most compatible) wiolink.menu.ssl.all.build.sslflags= -wiolink.menu.ssl.basic=Basic SSL ciphers +wiolink.menu.ssl.basic=Basic SSL ciphers (lower ROM use) wiolink.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wiolink.upload.resetmethod=nodemcu wiolink.build.flash_mode=qio @@ -6083,9 +6083,9 @@ espectro.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espectro.menu.exception.enabled=Enabled espectro.menu.exception.enabled.build.exception_flags=-fexceptions espectro.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc -espectro.menu.ssl.all=All SSL ciphers +espectro.menu.ssl.all=All SSL ciphers (most compatible) espectro.menu.ssl.all.build.sslflags= -espectro.menu.ssl.basic=Basic SSL ciphers +espectro.menu.ssl.basic=Basic SSL ciphers (lower ROM use) espectro.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espectro.upload.resetmethod=nodemcu espectro.build.flash_mode=dio diff --git a/tools/boards.txt.py b/tools/boards.txt.py index 60cd2abed9..3338330f27 100755 --- a/tools/boards.txt.py +++ b/tools/boards.txt.py @@ -1077,9 +1077,9 @@ ######################## SSL supported protocols 'ssl_cipher_menu': collections.OrderedDict([ - ( '.menu.ssl.all', 'All SSL ciphers' ), + ( '.menu.ssl.all', 'All SSL ciphers (most compatible)' ), ( '.menu.ssl.all.build.sslflags', ''), - ( '.menu.ssl.basic', 'Basic SSL ciphers' ), + ( '.menu.ssl.basic', 'Basic SSL ciphers (lower ROM use)' ), ( '.menu.ssl.basic.build.sslflags', '-DBEARSSL_SSL_BASIC'), ]),
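Review bot: The new label for `.menu.ssl.basic` in `ssl_cipher_menu` presents the option as a ROM-size choice only, but the first patch of this series describes `-DBEARSSL_SSL_BASIC` as limiting BearSSL to older RSA connection options and calls the dropped EC suites more secure. Someone picking from the IDE menu never sees that commit message, so the label itself should name the trade-off, for example `( '.menu.ssl.basic', 'Basic SSL ciphers (lower ROM use, RSA only)' ),`, with boards.txt regenerated from it. The exact wording should be confirmed against the suite list in WiFiClientSecureBearSSL.cpp. If the basic set has no ephemeral key exchange, which the description suggests but this hunk does not show, a comment above the entry should also say that sessions built with it lack forward secrecy. The enclosing dictionary literal starts outside the hunk.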