Deprecated - Use LibreSSL Portable instead
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw]
[[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm]
[no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity]
os/compiler[:flags]
$ grep -r '^#if.*OPENSSL_NO' . | grep -o 'OPENSSL_NO_[a-zA-Z0-9_]*' | sort -u | sed 's/OPENSSL_//' | tr '[A-Z_]' '[a-z-]'
no-aes
no-algorithms
no-asm
no-bf
no-bio
no-buffer
no-buf-freelists
no-camellia
no-capieng
no-cast
no-chain-verify
no-cms
no-comp
no-decc-init
no-deprecated
no-des
no-descbcm
no-dgram
no-dh
no-dsa
no-dtls1
no-dynamic-engine
no-ec
no-ec2m
no-ecdh
no-ecdsa
no-ec-nistp-64-gcc-128
no-engine
no-err
no-evp
no-fp-api
no-gmp
no-gost
no-hash-comp
no-heartbeats
no-hmac
no-hw
no-hw-4758-cca
no-hw-aep
no-hw-atalla
no-hw-chil
no-hw-cswift
no-hw-ibmca
no-hw-ncipher
no-hw-nuron
no-hw-padlock
no-hw-sureware
no-hw-ubsec
no-hw-zencod
no-idea
no-inline-asm
no-jpake
no-krb5
no-lhash
no-locking
no-md2
no-md4
no-md5
no-mdc2
no-multibyte
no-nextprotoneg
no-object
no-ocsp
no-posix-io
no-psk
no-rc2
no-rc4
no-rc5
no-rdrand
no-rfc3779
no-ripemd
no-ripemd160
no-rmd160
no-rsa
no-rsax
no-sctp
no-seed
no-setvbuf-ionbf
no-sha
no-sha0
no-sha1
no-sha256
no-sha512
no-sock
no-speed
no-srp
no-srtp
no-ssl2
no-ssl3
no-ssl-intern
no-stack
no-static-engine
no-stdio
no-store
no-tls
no-tls1
no-tls1-2-client
no-tlsext
no-whirlpool
no-x509
no-x509-verify
* Default
-
ec - Elliptic curve support*
-
no-ec - No Elliptic curve support
-
ecdsa - *
-
no-ecdsa
-
ecdh - *
-
no-ecdh
-
no-ec2m
-
no-mdc2
-
no-idea - No International Data Encryption Algorithm (IDEA)
-
no-deprecated
-
no-capieng
-
no-chain-verify
-
no-cms
-
no-comp
-
no-decc-init
-
no-dgram
-
no-engine - No runtime-loadable engines
- no-dynamic-engine
-
fips - *
-
no-fips
-
dh - With Diffie-Hellman*
-
no-dh - Without Diffie-Hellman*
-
des - With DES support.*
-
no-des - No DES support. Note:
make test
will fail- no-descbcm
-
no-bf - No Blowfish
-
no-dsa - No DSA
-
no-rsa - No RSA
-
aes - AES *
-
no-aes - No AES
-
gmp - With GNU Multi-Precision Library
-
no-gmp - No GNU Multi-Precision Library *
-
no-camellia - No Camellia
-
no-cast - No CAST
-
no-seed - No SEED
-
gost - *
-
no-gost - No GOST (as an engine, force disabled if no-engine)
-
rfc3779 -
-
no-rfc3779 - *
-
md2
-
no-md2 - *
-
no-md4
-
no-md5
-
no-rc2
-
no-rc4
-
rc5
-
no-rc5 - *
-
no-hmac
-
no-ocsp - No revocation checking via Online Certificate Status Protocol (OCSP)
-
no-x509 - No certificate support
-
no-whirlpool
-
no-tls
-
no-tls1
-
no-dtls1
-
no-tls1-2-client
-
ssl2 *
-
no-ssl2 - Probably a good idea
-
ssl3 *
-
no-ssl3 - Maybe needed if too many legacy ciphers / digests are disabled
-
no-srp
-
no-srtp
-
no-sha0
-
no-sha1
-
no-sha
-
no-sha256
-
no-sha512
-
no-rmd160
-
no-rnrand
-
no-store -
-
enable-<cipher>
- enable-ec_nistp_64_gcc_128
-
experimental-<cipher>
- experimental-jpake
- no-jpake - *
-
-Dxxx - Define xxx
-
-lxxx - Link against library xxx
-
-Lxxx - Search path xxx for libraries to link against
-
-fxxx - Enable compiler feature xxx
-
-Kxxx
-
hw - *
-
no-hw - No external hardware (ie HSM) support
-
threads - Build threaded openssl*
-
no-threads - Build single-threaded openssl
-
shared - *
-
no-shared -
-
no-zlib - *
-
no-zlib-dynamic - *
-
zlib - May enable CRIME and BEAST attacks.
-
zlib-dynamic - May enable CRIME and BEAST attacks.
-
no-asm - No assembly
-
no-dso - No shared libraries
-
krb5 - Build with Kerberos v5 support
-
no-krb5 - Build without Kerberos v5 support*
-
sctp - Build with SCTP support (an IP protocol)
-
no-sctp - Build without SCTP support (an IP protocol)*
-
386
-
--prefix
-
--openssldir
-
--test-sanity
-
os/compiler
- darwin-i386-cc - OSX 32-bit
- darwin64-x86_64-cc - OSX 64-bit