tls: introduce FEATURE_TLS_SHA1 to make SHA1 code optional

When disabled: function old new delta xwrite_encrypted 580 579 -1 prf_hmac_sha256 222 217 -5 hmac_begin 158 149 -9 static.ciphers 32 20 -12 tls_handshake 2115 2095 -20 hmac 87 61 -26 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/6 up/down: 0/-73) Total: -73 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2018-12-10 16:14:58 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2018-12-10 16:14:58 +0100
commit: 71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933 (patch)
tree: b3fd3e6b7ab5315852d9530f2e930159ea860852 /networking/Config.src
parent: dafbc2cdb8825ed36a25f9a6275d5226f35d3bd3 (diff)
download: busybox-71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/networking/Config.src b/networking/Config.src
index 2ce5287de..04d644bc9 100644
--- a/networking/Config.src
+++ b/networking/Config.src
@@ -46,6 +46,17 @@ config VERBOSE_RESOLUTION_ERRORS
 	"can't resolve 'hostname.com'" and want to know more.
 	This may increase size of your executable a bit.
 
+config FEATURE_TLS_SHA1
+	bool "In TLS code, support ciphers which use deprecated SHA1"
+	depends on TLS
+	default n
+	help
+	Selecting this option increases interoperability with very old
+	servers, but slightly increases code size.
+
+	Most TLS servers support SHA256 today (2018), since SHA1 is
+	considered possibly insecure (although not yet definitely broken).
+
 INSERT
 
 source networking/udhcp/Config.in
author	Denys Vlasenko <vda.linux@googlemail.com>	2018-12-10 16:14:58 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2018-12-10 16:14:58 +0100
commit	71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933 (patch)
tree	b3fd3e6b7ab5315852d9530f2e930159ea860852 /networking/Config.src
parent	dafbc2cdb8825ed36a25f9a6275d5226f35d3bd3 (diff)
download	busybox-71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933.tar.gz