1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
option('cadir', type : 'string', value : '/etc/ssl/certs',
description : 'This is the ucspi-ssl CA directory. An empty name means no certificate directory is compiled in.')
option('cafile', type : 'string', value : '',
description : 'This is the ucspi-ssl CA file. An empty name means no certificate file is compiled in.')
option('ccafile', type : 'string', value : '',
description : 'This is the ucspi-ssl client CA file. An empty name means no client certificate file is compiled in.')
option('certfile', type : 'string', value : '',
description : 'This is the sslserver certificate file. An empty name means no certificate file is compiled in.')
option('certchainfile', type : 'string', value : '',
description : 'This is the sslserver certificate file. An empty name means no certificate file is compiled in.')
option('dhfile', type : 'string', value : 'etc/dh2048.pem',
description : 'This is ucspi-ssls DH parameter file.')
option('keyfile', type : 'string', value : '',
description : 'This is the sslserver key file. An empty name means no key file is compiled in.')
# This is the list of ciphers to use. Sample for TLS < 1.3:
# ALL:!EXP:!MD5:!RC4:!ADH:!DES:!3DES:!PSK:!aNULL
# This is the list of ciphers to use. Sample for TLS 1.3:
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
#
# Comment:
# a) CHACHA20_POLY1305 has preference (hardest to break)
# b) AES_128_GCM comes next (-> GCM is 128 bit only!)
# c) AES_256_GCM is last (AES is mostly HW accelerated)
option('ciphers', type : 'string', value : '',
description : 'TLS ciphers. An empty name means use the ciphers compiled into openssl.')
option('lib-only', type : 'boolean', value : false, description : 'build only libucspissl')
option('sslperl', type : 'feature', description : 'Build the sslperl program.')
|
