Use SSL_CIPHERSUITES in example configs
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index f425391..c80c912 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -3,7 +3,7 @@
* Distinguishing features:
* - no bignum, no PK, no X509
* - fully modern and secure (provided the pre-shared keys have high entropy)
- * - very low record overhead if using the CCM-8 suites
+ * - very low record overhead with CCM-8
* - optimized for low RAM usage
*
* See README.txt for usage instructions.
@@ -44,6 +44,13 @@
#define ENTROPY_MAX_SOURCES 2
/*
+ * Use only CCM_8 ciphersuites, and
+ * save ROM and a few bytes of RAM by specifying our own ciphersuite list
+ */
+#define SSL_CIPHERSUITES \
+ TLS_PSK_WITH_AES_256_CCM_8, \
+ TLS_PSK_WITH_AES_128_CCM_8
+/*
* Save RAM at the expense of interoperability: do this only if you control
* both ends of the connection! (See coments in "polarssl/ssl.h".)
* The optimal size here depends on the typical size of records.
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index d10cf63..cd38f33 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -77,6 +77,11 @@
*/
#define ENTROPY_MAX_SOURCES 2
+/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
+#define SSL_CIPHERSUITES \
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
/*
* Save RAM at the expense of interoperability: do this only if you control
* both ends of the connection! (See coments in "polarssl/ssl.h".)
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 9b09e34..6546b05 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -20,7 +20,7 @@
'config-picocoin.h'
=> 0,
'config-ccm-psk-tls1_2.h'
- => '-m tls1_2 -f \'TLS-PSK.*AES.*CCM\'',
+ => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
);
# If no config-name is provided, use all known configs.
