What is the minimal build configuration for TLS only?

[ecorm]

What are the no_xxx configure options I can safely use when building OpenSSL where I only need TLS support? I would like to reduce the build time, but I don't want to accidentally disable features that would render TLS less secure.

The built OpenSSL library would be statically linked to a C++ application that uses Boost.Asio.

---

To get the ball rolling, here is a WIP table of the various no_xxx options, my notes on what they do and my best guess on whether they're needed.

DISCLAIMER: I am not a crytography or internet security expert. Use these options at your own risk.

Option	Feature	Feature Desired?
no-afalgeng	AF_ALG engine	No engines loaded by Asio
no-apps	Programs, including openssl	If openssl program is needed to manage certificates
no-asm	Assembler code	Yes
no-async	Async operations	Not directly used by Asio
no-atexit	atexit registration of OPENSSL_cleanup	?
no-autoalginit	Automatically load all supported ciphers and digests	Undesirable for statically linked applications
no-autoerrinit	Automatically load all libcrypto/libssl error strings	Undesirable for statically linked applications
no-autoload-config	Automatically load the default openssl.cnf file	Yes?
no-bulk	Used internally for CI build tests of the project	No
no-cached-fetch	Cache algorithms when they are fetched from a provider	Yes, for better performance at the cost of memory usage
no-capieng	CAPI engine (Microsoft CryptoAPI)	No engines loaded by Asio
no-cmp	Certificate Management Protocol and Certificate Request Message Format support	If openssl-cmp program needed
no-cms	Support for Cryptographic Message Syntax (CMS)	No
no-comp	SSL/TLS compression	No, because of CRIME
no-ct	Support for Certificate Transparency (CT)	Not used by Asio
no-dgram	Support for datagram based BIOs	Not used by Asio
no-docs	Build and install documentation	No
no-dso	Support for loading Dynamic Shared Objects	No engines loaded by Asio
no-dynamic-engine	Support for dynamically loaded engines	No engines loaded by Asio
no-ec	Support for Elliptic Curves	Yes, for signing/verifying ECDSA certificates?
no-ecx	Something about elliptic curves?	?
no-ec2m	Support for binary Elliptic Curves	?
no-engine	Support for loading engines	No engines loaded by Asio
no-err	Error strings	Yes, used by Asio
no-filenames	Filename and line number information	No
no-fips-securitychecks	FIPS module run-time checks	Only affects openssl-fipsinstall program
no-gost	Support for GOST based ciphersuites	No engines loaded by Asio
no-http	HTTP support	No
no-legacy	Legacy provider	No
no-makedepend	Generate dependencies	?
no-module	Build dynamically loadable engines	No engines loaded by Asio
no-multiblock	Support for writing multiple records in one go	Yes, for performance
no-nextprotoneg	Next Protocol Negotiation (NPN) TLS extension	No, only used for experimental SPDY
no-ocsp	Online Certificate Status Protocol support	Not used by Asio
no-padlockeng	VIA Padlock engine	No engines loaded by Asio
no-hw-padlock	Synonym for no-padlockeng	Deprecated
no-pic	Support for Position Independent Code	Yes
no-pinshared	Pin the shared libraries	Only for shared library builds
no-posix-io	Use POSIX IO capabilities	?
no-psk	Support for Pre-Shared Key based ciphersuites	If TLS-PSK support is desired
no-rdrand	Use hardware RDRAND capabilities	Yes
no-rfc3779	Support for RFC3779, "X.509 Extensions for IP Addresses and AS Identifiers"	?
no-secure-memory	Secure memory heap	Yes
no-shared	Create shared libraries	If shared libraries are desired
no-sm2-precomp	Using the SM2 precomputed table on aarch64 to make the library smaller	If using SM2 on ARM64
no-sock	Support for socket BIOs	Not used by Asio
no-srp	Support for Secure Remote Password (SRP) protocol or SRP based ciphersuites	If TLS-SRP desired on TLS<1.3
no-srtp	Secure Real-Time Transport Protocol (SRTP) support	No
no-sse2	Include SSE2 code paths in 32-bit x86 assembly modules	?
no-ssl-trace	SSL Trace capabilities	Not used by Asio
no-static-engine	Build the statically linked engines	No engines loaded by Asio
no-stdio	Use the FILE type from stdio.h (needed for programs)	If programs are desired
no-tests	Build test programs	No
no-quic	QUIC support	No
no-threads	Support for multi-threaded applications	Yes
no-thread-pool	Support for thread pool functionality	?
no-default-thread-pool	Support for default thread pool functionality	?
no-ts	Time Stamping (TS) Authority support	No?
no-ui-console	Build with the User Interface (UI) console method	Not used by Asio
no-uplink	Support for UPLINK interface	No?
no-winstore	Windows certificate store	Yes?
no-{protocol}	Support for negotiating TSL/SSL/DTLS protocol versions	Only TLS 1.2/1.3 now recommended
no-{protocol}-method	Build the methods for selecting TSL/SSL/DTLS protocol versions	Only TLS 1.2/1.3 now recommended
no-argon2	Argon2 hash	No
no-aria	ARIA cipher	Supported by TLS 1.2
no-bf	Blowfish cipher	No
no-blake2	Blake2 hash	No
no-camellia	Camellia cipher	Supported by TLS 1.2
no-cast	CAST cipher	No
no-chacha	ChaCha20 cipher	Supported by TLS 1.2 & TLS 1.3
no-cmac	CMAC MAC	No
no-des	DES cipher	Needed to decrypt private keys generated by openssl req
no-dh	Diffie-Hellman key agreement	Used by SSL/TLS
no-dsa	Digital Signature Algorithm	No
no-ecdh	Elliptic-Curve Diffie-Hillman	Supported by TLS <= 1.3
no-ecdsa	Elliptic Curve Digital Signature Algorithm	Supported by TLS <= 1.3
no-idea	International Data Encyption Algorithm	Insecure, removed from TLS 1.2
no-md4	MD4 hash	No
no-mdc2	MDC-2 hash	No
no-ocb	Offset codebook mode	No
no-poly1305	Poly1305 hash	Supported by TLS 1.2/1.3
no-rc2	RC2 cipher	Insecure, forbidden in TLS >= 1.1
no-rc4	RC4 cipher	Insecure, forbidden in TLS
no-rmd160	RIPE Message Digest	No
no-scrypt	scrypt password-based key derivation function	No
no-seed	SEED cipher	Supported by TLS < 1.3, SEED CBC susceptible to Lucky 13 attack
no-siphash	SipHash	No
no-siv	SIV mode ciphers	No
no-sm2	Chinese SM2 signature and encryption algorithm support	No
no-sm3	Chinese SM3 hash	No
no-sm4	Chinese SM4 cipher	No
no-whirlpool	Whirpool hash	No

[ecorm]

Here are Configure options I tried that are sufficient for building static libraries and the openssl program. I have not yet tried linking the resulting libraries in an Asio-based program. Nor have I tried generating certificates with the resulting openssl program.

./Configure no-shared no-afalgeng no-async no-capieng no-cmp no-cms no-comp no-ct \
no-docs no-dgram no-dso no-dynamic-engine no-engine no-filenames no-gost \
no-http no-legacy no-module no-nextprotoneg no-ocsp no-padlockeng no-quic no-sock \
no-srp no-srtp no-ssl-trace no-static-engine no-tests no-thread-pool no-ts \
no-ui-console no-uplink no-ssl3-method no-tls1-method no-tls1_1-method \
no-dtls1-method no-dtls1_2-method no-argon2 no-bf no-blake2 no-cast no-cmac \
no-dsa no-idea no-md4 no-mdc2 no-ocb no-rc2 no-rc4 no-rmd160 no-scrypt \
no-siphash no-siv no-sm2 no-sm3 no-sm4 no-whirlpool

I compiled the above without any git submodules. I found a mailing list post somewhere that claims they're only needed for tests. Please let me know if that's incorrect. Anyway, excluding the submodules from the git clone saves a considerable amount of time.

rfc3779 and thread-pool are not needed to compile the libraries and the openssl program, but I don't know if excluding them would have any adverse effects.

[t8m]

Yes, submodules are needed only for the external tests. What's important is to check the ./configdata.pm -d output to see if there aren't any undesirable switched off features due to cascades of disabled features.

Your options will completely switch off the loadable providers support - i.e. only the built-in default provider will be available.

It is never a good idea to build without tests and without actually running the tests as otherwise due to issues with the build environment you might build a non-functional or maybe even worse partially functional but insecure OpenSSL libraries.

Other than that I think your configuration is ok and fairly minimal. I would even switch off the DSA support with no-dsa as it is quite useless nowadays.

[ecorm]

@t8m Thank you. I've added no-dsa to my list above as per your suggestion.

Can you elaborate if rfc3779 or thread-pool are needed?

[t8m]

I would keep rfc3779 on as the default is although it might not be needed for all TLS use cases, but it can be used with certificates. thread-pool is not used for TLS but it is used for QUIC, in particular for the blocking mode implementation. It is also used by Argon2. So if you build with no-quic and no-argon2 you can also add no-thread-pool without any problem.

[t8m]

One more thing you could switch off is the binary field elliptic curves support which is also not used much. Use no-ec2m for that.

[ecorm]

Is ec2m one of the crypto algorithms that can be negotiated via TLS? It's not clear what you mean by "not used much". I don't want to arbitrarily reject clients or servers that want to negotiate a method that hasn't proven to be insecure, even if it's not popular.

[ecorm]

I got an Asio TLS client/server example running with the following configuration:

./Configure no-shared no-afalgeng no-async no-capieng no-cmp no-cms no-comp no-ct \
no-docs no-dgram no-dso no-dynamic-engine no-engine no-filenames no-gost \
no-http no-legacy no-module no-nextprotoneg no-ocsp no-padlockeng no-quic no-sock \
no-srp no-srtp no-ssl-trace no-static-engine no-tests no-thread-pool no-ts \
no-ui-console no-uplink no-ssl3-method no-tls1-method no-tls1_1-method \
no-dtls1-method no-dtls1_2-method no-argon2 no-bf no-blake2 no-cast no-cmac \
no-dsa no-idea no-md4 no-mdc2 no-ocb no-rc2 no-rc4 no-rmd160 no-scrypt \
no-siphash no-siv no-sm2 no-sm3 no-sm4 no-whirlpool

no-thread-pool was indeed safe to add.

It turns out I needed to remove no-des in order for the server to decrypt private keys generated via openssl req.

[StephenWall]

You can use openssl genpkey to create a private key encrypted with e.g. aes256 instead of des, then use that key in the openssl req command. Alternatively, specify openssl req -noenc to not encrypt the private key.