likely to complement configuration command line with
suitable compiler-specific option.
- enable-tls1_3
- TODO(TLS1.3): Make this enabled by default
- Build support for TLS1.3. Note: This is a WIP feature and
- only a single draft version is supported. Implementations
- of different draft versions will negotiate TLS 1.2 instead
- of (draft) TLS 1.3. Use with caution!!
-
no-<prot>
Don't build support for negotiating the specified SSL/TLS
- protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
- dtls1 or dtls1_2). If "no-tls" is selected then all of tls1,
- tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will
- disable dtls1 and dtls1_2. The "no-ssl" option is synonymous
- with "no-ssl3". Note this only affects version negotiation.
- OpenSSL will still provide the methods for applications to
- explicitly select the individual protocol versions.
+ protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2,
+ tls1_3, dtls, dtls1 or dtls1_2). If "no-tls" is selected then
+ all of tls1, tls1_1, tls1_2 and tls1_3 are disabled.
+ Similarly "no-dtls" will disable dtls1 and dtls1_2. The
+ "no-ssl" option is synonymous with "no-ssl3". Note this only
+ affects version negotiation. OpenSSL will still provide the
+ methods for applications to explicitly select the individual
+ protocol versions.
no-<prot>-method
As for no-<prot> but in addition do not build the methods for
applications to explicitly select individual protocol
- versions.
+ versions. Note that there is no "no-tls1_3-method" option
+ because there is no application method for TLSv1.3. Using
+ individual protocol methods directly is deprecated.
+ Applications should use TLS_method() instead.
enable-<alg>
Build with support for the specified algorithm, where <alg>
no-<alg>
Build without support for the specified algorithm, where
- <alg> is one of: bf, blake2, camellia, cast, chacha, cmac,
- des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305,
- rc2, rc4, rmd160, scrypt, seed, siphash, sm3, sm4 or
- whirlpool. The "ripemd" algorithm is deprecated and if used
- is synonymous with rmd160.
+ <alg> is one of: aria, bf, blake2, camellia, cast, chacha,
+ cmac, des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb,
+ poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, sm3, sm4
+ or whirlpool. The "ripemd" algorithm is deprecated and if
+ used is synonymous with rmd160.
-Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
These system specific options will be recognised and
precedence over environment variables that are defined
when reconfiguring.
+ Displaying configuration data
+ -----------------------------
+
+ The configuration script itself will say very little, and finishes by
+ creating "configdata.pm". This perl module can be loaded by other scripts
+ to find all the configuration data, and it can also be used as a script to
+ display all sorts of configuration data in a human readable form.
+
+ For more information, please do:
+
+ $ ./configdata.pm --help # Unix
+
+ or
+
+ $ perl configdata.pm --help # Windows and VMS
+
Installation in Detail
----------------------
uninstall
Uninstall all OpenSSL components.
+ reconfigure
+ reconf
+ Re-run the configuration process, as exactly as the last time
+ as possible.
+
update
This is a developer option. If you are developing a patch for
OpenSSL you may need to use this if you want to update
projects / openssl.git / blobdiff