From cc10f4ddfe3ff71e8fa829aeecbf66efbd298997 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 30 Jun 2014 19:22:44 +0200 Subject: [PATCH] Use SSL_CIPHERSUITES in example configs --- configs/config-ccm-psk-tls1_2.h | 9 ++++++++- configs/config-suite-b.h | 5 +++++ tests/scripts/test-ref-configs.pl | 2 +- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index f425391d0..c80c912ed 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -3,7 +3,7 @@ * Distinguishing features: * - no bignum, no PK, no X509 * - fully modern and secure (provided the pre-shared keys have high entropy) - * - very low record overhead if using the CCM-8 suites + * - very low record overhead with CCM-8 * - optimized for low RAM usage * * See README.txt for usage instructions. @@ -43,6 +43,13 @@ */ #define ENTROPY_MAX_SOURCES 2 +/* + * Use only CCM_8 ciphersuites, and + * save ROM and a few bytes of RAM by specifying our own ciphersuite list + */ +#define SSL_CIPHERSUITES \ + TLS_PSK_WITH_AES_256_CCM_8, \ + TLS_PSK_WITH_AES_128_CCM_8 /* * Save RAM at the expense of interoperability: do this only if you control * both ends of the connection! (See coments in "polarssl/ssl.h".) diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index d10cf6320..cd38f3334 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -77,6 +77,11 @@ */ #define ENTROPY_MAX_SOURCES 2 +/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ +#define SSL_CIPHERSUITES \ + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + /* * Save RAM at the expense of interoperability: do this only if you control * both ends of the connection! (See coments in "polarssl/ssl.h".) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 9b09e3464..6546b05af 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -20,7 +20,7 @@ my %configs = ( 'config-picocoin.h' => 0, 'config-ccm-psk-tls1_2.h' - => '-m tls1_2 -f \'TLS-PSK.*AES.*CCM\'', + => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', ); # If no config-name is provided, use all known configs.