Using user_settings.h with wolfSSL

wolfSSL has various examples of user_settings.h files that you could use to configure your build.

For users who can’t make use of Autotools, want to build with a custom IDE, or would like to track and manage their wolfSSL build configuration in a header file, we recommend the use of a custom user_settings.h header file. If WOLFSSL_USER_SETTINGS is defined when compiling the wolfSSL source files, wolfSSL will automatically include a custom header file called user_settings.h. With Autotools, --enable-usersettings can also be used with the configure command to define WOLFSSL_USER_SETTINGS. The header should be created by the user and placed on the include path. This allows users to maintain one single file for their wolfSSL build.

Some example user_settings.h files can be found in the wolfSSL repo here They are listed below.

  • user_settings_template.h: Template that allows modular algorithm and feature selection using #if 0 logic.
  • user_settings_all.h: This is wolfSSL with all features enabled. Equivalent to ./configure --enable-all.
  • user_settings_min_ecc.h: This is ECC and SHA-256 only. For ECC verify only add BUILD_VERIFY_ONLY.
  • user_settings_wolfboot_keytools.h: This is from wolfBoot tools/keytools and is ECC, RSA, ED25519, and ChaCha20.
  • user_settings_fipsv2.h: The FIPS v2 (3389) 140-2 certificate build options.
  • user_settings_fipsv5.h: The FIPS v5 (ready) 140-3 build options. Equivalent to ./configure --enable-fips=v5-dev.
  • user_settings_stm32.h: Example configuration file generated from the wolfSSL STM32 Cube pack.

To use these example configurations:

  1. Copy to your local project and rename to user_settings.h.
  2. Add pre-processor macro WOLFSSL_USER_SETTINGS to your project.
  3. Make sure and include #include <wolfssl/wolfcrypt/settings.h> prior to any other wolfSSL headers in your application.

Do you need any guidance configuring your wolfSSL build? Contact to get some help from our engineers. The wolfSSL embedded SSL/TLS library supports up to TLS 1.3 and DTLS 1.3, and offers certified versions of wolfCrypt for FIPS 140-2 and DO-178C.