File tree Expand file tree Collapse file tree 1 file changed +13
-2
lines changed
Expand file tree Collapse file tree 1 file changed +13
-2
lines changed Original file line number Diff line number Diff line change @@ -800,6 +800,11 @@ extern time_t m2mb_xtime_ms(time_t * timer);
800800# define XTIME_MS(tl) m2mb_xtime_ms((tl))
801801` ` `
802802
803+ # ### WOLFSSL_CIPHER_TEXT_CHECK
804+
805+ Define this to check for possible glitching attack against the AES encrypt
806+ operation during a TLS connection.
807+
803808# ## Reducing Memory or Code Usage
804809
805810# ### TFM_TIMING_RESISTANT
@@ -1359,11 +1364,17 @@ Enable all OpenSSL API.
13591364
13601365### `--enable-maxstrength`
13611366
1362- Enable Max Strength build, allows TSLv1.2-AEAD-PFS ciphers only
1367+ Enable Max Strength build, allows TSLv1.2-AEAD-PFS ciphers only. This is
1368+ disabled by default because it can cause interoperability issues. It also
1369+ enables glitching detection.
13631370
13641371### `--disable-harden`
13651372
1366- Disable Hardened build, Enables Timing Resistance and Blinding
1373+ Disable hardening, timing resistance and RSA blinding. Disabling this feature
1374+ can give performance improvements.
1375+
1376+ **NOTE** Hardening provides mitigations against side channel attacks. Only
1377+ disable this feature after careful consideration.
13671378
13681379### `--enable-ipv6`
13691380
You can’t perform that action at this time.
0 commit comments