Gray C++ Libraries  0.0.2
A set of C++ libraries for MSVC, GNU on Windows, WinCE, Linux
cSSLCompileOptions.h
1 //
3 // All consumers of these classes, including external consumers, must be compiled with the same flags.
4 //
5 #ifndef _INC_cSSLCompileOptions_H
6 #define _INC_cSSLCompileOptions_H
7 #ifndef NO_PRAGMA_ONCE
8 #pragma once
9 #endif
10 // Namespace setup. GrayLib is forward-declared empty so the using-directive below is valid. NOTE(review): Gray is not declared in this header, so the second using-directive compiles only if an earlier include has already declared it.
11 namespace GrayLib {}
12 namespace GraySSL { using namespace GrayLib; using namespace Gray; }; // TODO MOVE this to each file.
13 
14 #ifdef _DEBUG
15 // Debug-only switches. NOTE(review): these make the flag set differ between _DEBUG and non-_DEBUG builds, so a consumer built in the other configuration does not see the same flags, which this header's opening comment asks for.
16 // #define USE_SSL_AEAD_RANDOM_IV
17 #define USE_SSL_DEBUG_WARN // Enable the debug messages in SSL module for all issues.
18 #define USE_SSL_SRV_RESPECT_CLIENT_PREFERENCE // Debug builds let the client's ciphersuite order decide; the same macro is left commented out for other builds further down.
19 #define USE_SSL_RENEGOTIATION // for testing.
20 // NOTE(review): renegotiation is switched on here for testing only; no definition outside this _DEBUG block is visible in this header.
21 #endif // _DEBUG
22 
23 #define USE_SSL_DEBUG // provides debugging functions. NOTE(review): defined outside the _DEBUG guard, so it applies to every build configuration; confirm the debugging functions cannot write key material or plaintext to logs in production.
24 // Legacy protocol versions. NOTE(review): all three are deprecated (SSL 3.0 by RFC 7568, TLS 1.0 and 1.1 by RFC 8996); no TLS 1.2 switch appears in this header, so confirm how it is enabled and whether these can be turned off.
25 #define USE_SSL_VER_SSL_3 // Enable support for SSL 3.0. (NOT SECURE)
26 #define USE_SSL_VER_TLS_1_0 // Enable support for TLS 1.0.
27 #define USE_SSL_VER_TLS_1_1 // Enable support for TLS 1.1.
28 
29 // Requires: at least one ECPGroup_XXX_ENABLED
30 #define USE_Key_EC // Enable the EC (elliptic curve) keys.
31 #define USE_Key_RSA // Enable the RSA public-key cryptosystem.
32 
33 #define USE_SSL_X509_CRT_PARSE // Enable X.509 certificate parsing.
34 #define USE_SSL_CLIENT // Enable the SSL/TLS client code.
35 #define USE_SSL_SERVER // Enable the SSL/TLS server code.
36 
37 // Standard ECDSA is "fragile" in the sense that lack of entropy when signing may result in a compromise of the long-term signing key.
38 // This is avoided by the deterministic variant.
39 #define USE_ECDSA_DETERMINISTIC // Enable deterministic ECDSA (RFC 6979).
40 
41 // This enables the following ciphersuites (if other requisites are enabled as well):
42 // TLS_PSK_WITH_AES_256_GCM_SHA384
43 // TLS_PSK_WITH_AES_256_CBC_SHA384
44 // TLS_PSK_WITH_AES_256_CBC_SHA
45 // TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
46 // TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
47 // TLS_PSK_WITH_AES_128_GCM_SHA256
48 // TLS_PSK_WITH_AES_128_CBC_SHA256
49 // TLS_PSK_WITH_AES_128_CBC_SHA
50 // TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
51 // TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
52 // TLS_PSK_WITH_3DES_EDE_CBC_SHA
53 // TLS_PSK_WITH_RC4_128_SHA
54 // NOTE(review): PSK-only key exchange has no forward secrecy (a leaked pre-shared key exposes recorded sessions), and the list above includes RC4 and 3DES suites; no RC4 cipher switch is visible in this header, so confirm whether that entry is reachable.
55 #define USE_SSL_KeyExchange_PSK // Enable the PSK based ciphersuite modes in SSL / TLS.
56 
57 // This enables the following ciphersuites (if other requisites are enabled as well):
58 // TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
59 // TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
60 // TLS_DHE_PSK_WITH_AES_256_CBC_SHA
61 // TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
62 // TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
63 // TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
64 // TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
65 // TLS_DHE_PSK_WITH_AES_128_CBC_SHA
66 // TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
67 // TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
68 // TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
69 // TLS_DHE_PSK_WITH_RC4_128_SHA
70 //
71 #define USE_SSL_KeyExchange_DHE_PSK // Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
72 
73 // This enables the following ciphersuites (if other requisites are enabled as well):
74 // TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
75 // TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
76 // TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
77 // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
78 // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
79 // TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
80 // TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
81 // TLS_ECDHE_PSK_WITH_RC4_128_SHA
82 #define USE_SSL_KeyExchange_ECDHE_PSK // Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
83 
84 //
85 // Requires: USE_Key_RSA, USE_SSL_X509_CRT_PARSE
86 // This enables the following ciphersuites (if other requisites are enabled as well):
87 // TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
88 // TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
89 // TLS_RSA_PSK_WITH_AES_256_CBC_SHA
90 // TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
91 // TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
92 // TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
93 // TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
94 // TLS_RSA_PSK_WITH_AES_128_CBC_SHA
95 // TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
96 // TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
97 // TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
98 // TLS_RSA_PSK_WITH_RC4_128_SHA
99 //
100 #define USE_SSL_KeyExchange_RSA_PSK // Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
101 
102 //
103 // Requires: USE_Key_RSA, USE_SSL_X509_CRT_PARSE
104 //
105 // This enables the following ciphersuites (if other requisites are enabled as well):
106 // TLS_RSA_WITH_AES_256_GCM_SHA384
107 // TLS_RSA_WITH_AES_256_CBC_SHA256
108 // TLS_RSA_WITH_AES_256_CBC_SHA
109 // TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
110 // TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
111 // TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
112 // TLS_RSA_WITH_AES_128_GCM_SHA256
113 // TLS_RSA_WITH_AES_128_CBC_SHA256
114 // TLS_RSA_WITH_AES_128_CBC_SHA
115 // TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
116 // TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
117 // TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
118 // TLS_RSA_WITH_3DES_EDE_CBC_SHA
119 // TLS_RSA_WITH_RC4_128_SHA
120 // TLS_RSA_WITH_RC4_128_MD5
121 // NOTE(review): RSA-only key exchange has no forward secrecy (the session key is protected only by the server's long-term RSA key), and the list above includes RC4, 3DES and MD5-based suites; prefer the DHE/ECDHE exchanges where peers allow.
122 #define USE_SSL_KeyExchange_RSA // Enable the RSA-only based ciphersuite modes in SSL / TLS.
123 
124 // Requires: USE_SSL_DHM, USE_Key_RSA, USE_SSL_X509_CRT_PARSE
125 //
126 // This enables the following ciphersuites (if other requisites are enabled as well):
127 // TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
128 // TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
129 // TLS_DHE_RSA_WITH_AES_256_CBC_SHA
130 // TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
131 // TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
132 // TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
133 // TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
134 // TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
135 // TLS_DHE_RSA_WITH_AES_128_CBC_SHA
136 // TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
137 // TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
138 // TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
139 // TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
140 //
141 #define USE_SSL_KeyExchange_DHE_RSA // Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
142 
143 // Requires: USE_SSL_ECDH, USE_Key_RSA, USE_SSL_X509_CRT_PARSE
144 //
145 // This enables the following ciphersuites (if other requisites are enabled as well):
146 // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
147 // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
148 // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
149 // TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
150 // TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
151 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
152 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
153 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
154 // TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
155 // TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
156 // TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
157 // TLS_ECDHE_RSA_WITH_RC4_128_SHA
158 //
159 #define USE_SSL_KeyExchange_ECDHE_RSA // Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
160 
161 // Requires: USE_SSL_ECDH, USE_Key_ECDSA, USE_SSL_X509_CRT_PARSE
162 //
163 // This enables the following ciphersuites (if other requisites are enabled as well):
164 // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
165 // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
166 // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
167 // TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
168 // TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
169 // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
170 // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
171 // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
172 // TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
173 // TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
174 // TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
175 // TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
176 //
177 #define USE_SSL_KeyExchange_ECDHE_ECDSA // Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
178 
179 // Requires: USE_SSL_ECDH, USE_SSL_X509_CRT_PARSE
180 //
181 // This enables the following ciphersuites (if other requisites are enabled as well):
182 // TLS_ECDH_ECDSA_WITH_RC4_128_SHA
183 // TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
184 // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
185 // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
186 // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
187 // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
188 // TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
189 // TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
190 // TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
191 // TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
192 // TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
193 // TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
194 // NOTE(review): ECDH-ECDSA is the static (non-ephemeral) variant, so it has no forward secrecy; the list above also includes RC4 and 3DES suites. Prefer ECDHE-ECDSA where peers allow.
195 #define USE_SSL_KeyExchange_ECDH_ECDSA // Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
196 
197 // Requires: USE_SSL_ECDH, USE_SSL_X509_CRT_PARSE
198 //
199 // This enables the following ciphersuites (if other requisites are enabled as well):
200 // TLS_ECDH_RSA_WITH_RC4_128_SHA
201 // TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
202 // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
203 // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
204 // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
205 // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
206 // TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
207 // TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
208 // TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
209 // TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
210 // TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
211 // TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
212 // NOTE(review): ECDH-RSA is the static (non-ephemeral) variant, so it has no forward secrecy; the list above also includes RC4 and 3DES suites. Prefer ECDHE-RSA where peers allow.
213 #define USE_SSL_KeyExchange_ECDH_RSA // Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
214 
215 // Requires: USE_Key_RSA
216 #define USE_PKCS1_VER_21 // Enable support for PKCS#1 v2.1 encoding. // This enables support for RSAES-OAEP and RSASSA-PSS operations.
217 
218 // Generate a random IV rather than using the record sequence number as a nonce for ciphersuites using an AEAD algorithm (GCM or CCM).
219 // Using the sequence number is generally recommended.
220 // Uncomment this macro to always use random IVs with AEAD ciphersuites.
221 //
222 //#define USE_SSL_AEAD_RANDOM_IV
223 
224 // This is a countermeasure to the BEAST attack, which also minimizes the risk
225 // of interoperability issues compared to sending 0-length records.
226 // Comment this macro to disable 1/n-1 record splitting.
227 //
228 #define USE_SSL_CBC_RECORD_SPLITTING // Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
229 // NOTE(review): legacy compatibility path that makes the server parse an extra hello format from unauthenticated peers; keep it only if a known client still sends SSLv2-format hellos.
230 // SSL Server module (USE_SSL_SERVER).
231 // Comment this macro to disable support for SSLv2 Client Hello messages.
232 #define USE_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO // Enable support for receiving and parsing SSLv2 Client Hello messages
233 
234 // Pick the ciphersuite according to the client's preferences rather than ours
235 // in the SSL Server module (USE_SSL_SERVER).
236 // Uncomment this macro to respect client's ciphersuite order
237 
238 //#define USE_SSL_SRV_RESPECT_CLIENT_PREFERENCE
239 
240 #define USE_SSL_SESSION_TICKETS // Enable support for RFC 5077 session tickets in SSL. // Comment this macro to disable support for SSL session tickets
241 #define USE_SSL_SERVER_NAME_INDICATION // Enable support for RFC 6066 server name indication (SNI) in SSL.
242 
243 // This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other requisites are enabled as well.
244 #define USE_CIPHER_BLOCK_GCM // Enable the Galois/Counter Mode (GCM) for AES.
245 
246 // Disabling this check works around mis-issued and/or misused (intermediate) CA and leaf certificates, but it also means certificates are accepted for uses their keyUsage extension does not permit.
248 // Comment to skip keyUsage checking for both CA and leaf certificates. Leave it defined unless a specific peer's certificates are known to need the workaround.
249 #define USE_SSL_X509_CHECK_KEY_USAGE // Enable verification of the keyUsage extension (CA and leaf certificates).
250 
251 // This module is used by the following key exchanges: ECDHE-ECDSA
252 // Requires: USE_Key_EC
253 #define USE_Key_ECDSA // Enable the elliptic curve DSA library.
254 
255 // This module enables the AES-CCM ciphersuites, if other requisites are enabled as well.
256 #define USE_CIPHER_BLOCK_CCM // Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
257 
258 // This module is used by the following key exchanges: ECDHE-ECDSA, ECDHE-RSA, DHE-PSK. NOTE(review): DHE-PSK is also listed under USE_SSL_DHM below, so this entry probably means ECDHE-PSK (confirm); ECDH-ECDSA and ECDH-RSA also name USE_SSL_ECDH as a requirement in this header.
259 // Requires: USE_Key_EC
260 #define USE_SSL_ECDH // Enable the elliptic curve Diffie-Hellman library.
261 
262 // This module enables the following ciphersuites (if other requisites are enabled as well):
263 // TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
264 // TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
265 // TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
266 // TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
267 // TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
268 // TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
269 // TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
270 // TLS_RSA_WITH_3DES_EDE_CBC_SHA
271 // TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
272 // TLS_PSK_WITH_3DES_EDE_CBC_SHA
273 //
274 // PEM_PARSE uses DES/3DES for decrypting encrypted keys.
275 // NOTE(review): DES and 3DES use a 64-bit block, which limits how much data is safe under one key; if this module stays on only for PEM key decryption, check whether the 3DES suites above can be left out of the offered ciphersuite list.
276 #define USE_CIPHER_DES // Enable the DES block cipher.
277 
278 // This module is used by the following key exchanges: DHE-RSA, DHE-PSK
279 #define USE_SSL_DHM // Enable the Diffie-Hellman-Merkle module.
280 
281 #endif