wolfSSL Max Strength Build

wolfSSL (formerly CyaSSL) recently added a build option called “Max Strength”. This build option forces most cipher suites to be disabled at compile time to prevent their accidental use during run time. Options such as MD5, 3DES, and ARC4 are left out of the build completely.

The cipher suites that are enabled by default have Perfect Forward Security (PFS) and Authenticated ciphers (AEAD). The remaining suites have the AEAD ciphers including at least one of AES-GCM, AES-CCM, or CHACHA-POLY1305; ECDHE or DHE; ECDSA or RSA; SHA-256 and SHA-384. The minimum allowed DHE key bit-size is set to 2048 bits.

To enable the maximum strength build with wolfSSL, on the configure command line add the option “–enable-maxstrength”, or add “#define WOLFSSL_MAX_STRENGTH” to your settings.h file.