Add comment.

2023-03-28 14:14:40 +02:00 · 2023-03-28 14:14:40 +02:00 · 7116f1e005
parent f0ad01f552
commit 7116f1e005
2 changed files with 5 additions and 1 deletions
--- a/configure.ac
+++ b/configure.ac
@ -179,7 +179,7 @@ ENABLED_CERTS="no"

 # Implements requirements from RFC9325
 AC_ARG_ENABLE([harden-tls],
-    [AS_HELP_STRING([--enable-harden-tls],[Enable requirements from RFC9325. Possible values are <yes>, <112>, or <128> (default: disabled)])],
+    [AS_HELP_STRING([--enable-harden-tls],[Enable requirements from RFC9325. Possible values are <yes>, <112>, or <128>. <yes> is equivalent to <112>. (default: disabled)])],
    [ ENABLED_HARDEN_TLS=$enableval ],
    [ ENABLED_HARDEN_TLS=no ]
    )
--- a/src/internal.c
+++ b/src/internal.c
@ -79,6 +79,10 @@
 *     by default.
 *     https://www.rfc-editor.org/rfc/rfc8446#section-5.5
 *     https://www.rfc-editor.org/rfc/rfc9147.html#name-aead-limits
+ * WOLFSSL_HARDEN_TLS
+ *     Implement the recommendations specified in RFC9325. This macro needs to
+ *     be defined to the desired amount of bits of security. The currently
+ *     implemented values are 112 and 128 bits.
 */