On Thu, Jun 15, 2023 at 04:32:11PM +0200, Petr Štetiar wrote: > During the years we've learned it hard way, that we needed to make a lot > of compromises while using flash space friendly micro TLS libraries like > mbedTLS/wolfSSL in order to provide more or less up to date security > features on most supported devices. > > Most of the recent and decent devices have plenty of storage space, so > there is no need to make such compromises anymore and we could simply > use battle tested OpenSSL on such targets by default as storage space > increase is around 1.5 MiB, which is no brainer. > > So lets make it possible to use OpenSSL on grand flash devices and > switch to libustream-openssl and wpad-basic-openssl by default there. > > This should have no functional change, the target needs to actually > explicitly define `FEATURES := grand_flash` in order to have OpenSSL by > default. > > References: #12874 > Signed-off-by: Petr Štetiar <yn...@true.cz>
Love this and the other series, me and also other member discussed this idea in meeting and IRC so finally this is getting proposed. Anyway I think also other package needs to be updated for this or I think we will have a situation where we have multiple SSL lib selected. libcurl is the first example I can think of. This is just to alert that we will have this situation until we migrate each package to the new TLS_PROVIDED option. _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
