Use SSL_CIPHERSUITES in example configs

This commit is contained in:
Manuel Pégourié-Gonnard 2014-06-30 19:22:44 +02:00 committed by Paul Bakker
parent dfc7df0bec
commit cc10f4ddfe
3 changed files with 14 additions and 2 deletions

View file

@ -3,7 +3,7 @@
* Distinguishing features: * Distinguishing features:
* - no bignum, no PK, no X509 * - no bignum, no PK, no X509
* - fully modern and secure (provided the pre-shared keys have high entropy) * - fully modern and secure (provided the pre-shared keys have high entropy)
* - very low record overhead if using the CCM-8 suites * - very low record overhead with CCM-8
* - optimized for low RAM usage * - optimized for low RAM usage
* *
* See README.txt for usage instructions. * See README.txt for usage instructions.
@ -43,6 +43,13 @@
*/ */
#define ENTROPY_MAX_SOURCES 2 #define ENTROPY_MAX_SOURCES 2
/*
* Use only CCM_8 ciphersuites, and
* save ROM and a few bytes of RAM by specifying our own ciphersuite list
*/
#define SSL_CIPHERSUITES \
TLS_PSK_WITH_AES_256_CCM_8, \
TLS_PSK_WITH_AES_128_CCM_8
/* /*
* Save RAM at the expense of interoperability: do this only if you control * Save RAM at the expense of interoperability: do this only if you control
* both ends of the connection! (See coments in "polarssl/ssl.h".) * both ends of the connection! (See coments in "polarssl/ssl.h".)

View file

@ -77,6 +77,11 @@
*/ */
#define ENTROPY_MAX_SOURCES 2 #define ENTROPY_MAX_SOURCES 2
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define SSL_CIPHERSUITES \
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
/* /*
* Save RAM at the expense of interoperability: do this only if you control * Save RAM at the expense of interoperability: do this only if you control
* both ends of the connection! (See coments in "polarssl/ssl.h".) * both ends of the connection! (See coments in "polarssl/ssl.h".)

View file

@ -20,7 +20,7 @@ my %configs = (
'config-picocoin.h' 'config-picocoin.h'
=> 0, => 0,
'config-ccm-psk-tls1_2.h' 'config-ccm-psk-tls1_2.h'
=> '-m tls1_2 -f \'TLS-PSK.*AES.*CCM\'', => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
); );
# If no config-name is provided, use all known configs. # If no config-name is provided, use all known configs.