tls: introduce FEATURE_TLS_SHA1 to make SHA1 code optional

When disabled: function old new delta xwrite_encrypted 580 579 -1 prf_hmac_sha256 222 217 -5 hmac_begin 158 149 -9 static.ciphers 32 20 -12 tls_handshake 2115 2095 -20 hmac 87 61 -26 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/6 up/down: 0/-73) Total: -73 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2018-12-10 16:14:58 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2018-12-10 16:14:58 +0100
commit: 71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933 (patch)
tree: b3fd3e6b7ab5315852d9530f2e930159ea860852 /networking/Config.src
parent: dafbc2cdb8825ed36a25f9a6275d5226f35d3bd3 (diff)
download: busybox-w32-71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933.tar.gz
busybox-w32-71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933.tar.bz2
busybox-w32-71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/networking/Config.src b/networking/Config.src
index 2ce5287de..04d644bc9 100644
--- a/networking/Config.src
+++ b/networking/Config.src
@@ -46,6 +46,17 @@ config VERBOSE_RESOLUTION_ERRORS
        "can't resolve 'hostname.com'" and want to know more.
        This may increase size of your executable a bit.
+config FEATURE_TLS_SHA1
+        bool "In TLS code, support ciphers which use deprecated SHA1"
+        depends on TLS
+        default n
+        help
+        Selecting this option increases interoperability with very old
+        servers, but slightly increases code size.
+        Most TLS servers support SHA256 today (2018), since SHA1 is
+        considered possibly insecure (although not yet definitely broken).
 INSERT
 source networking/udhcp/Config.in
author	Denys Vlasenko <vda.linux@googlemail.com>	2018-12-10 16:14:58 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2018-12-10 16:14:58 +0100
commit	71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933 (patch)
tree	b3fd3e6b7ab5315852d9530f2e930159ea860852 /networking/Config.src
parent	dafbc2cdb8825ed36a25f9a6275d5226f35d3bd3 (diff)
download	busybox-w32-71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933.tar.gz busybox-w32-71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933.tar.bz2 busybox-w32-71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933.zip

diff --git a/networking/Config.src b/networking/Config.src index 2ce5287de..04d644bc9 100644 --- a/networking/Config.src +++ b/networking/Config.src
@@ -46,6 +46,17 @@ config VERBOSE_RESOLUTION_ERRORS
46	"can't resolve 'hostname.com'" and want to know more.	46	"can't resolve 'hostname.com'" and want to know more.
47	This may increase size of your executable a bit.	47	This may increase size of your executable a bit.
48		48
		49	config FEATURE_TLS_SHA1
		50	bool "In TLS code, support ciphers which use deprecated SHA1"
		51	depends on TLS
		52	default n
		53	help
		54	Selecting this option increases interoperability with very old
		55	servers, but slightly increases code size.
		56
		57	Most TLS servers support SHA256 today (2018), since SHA1 is
		58	considered possibly insecure (although not yet definitely broken).
		59
49	INSERT	60	INSERT
50		61
51	source networking/udhcp/Config.in	62	source networking/udhcp/Config.in