From a8f602a401cb3ad6dff0f8f916181b4b4018209c Mon Sep 17 00:00:00 2001
From: Niek van der Maas <mail@niekvandermaas.nl>
Date: Sat, 13 Jul 2019 01:43:20 +0200
Subject: [PATCH] Use basic BearSSL ciphers on low memory boards (#1810)

* Use basic BearSSL ciphers on low memory boards

* Move BearSSL basic flag to recommendation
---
 code/platformio.ini | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/code/platformio.ini b/code/platformio.ini
index ed2aabb0..58db5589 100644
--- a/code/platformio.ini
+++ b/code/platformio.ini
@@ -52,6 +52,14 @@ debug_flags = -DDEBUG_ESP_CORE -DDEBUG_ESP_SSL -DDEBUG_ESP_WIFI -DDEBUG_ESP_HTTP
 #    -DPIO_FRAMEWORK_ARDUINO_LWIP_HIGHER_BANDWIDTH  = v1.4 Higher Bandwidth (default)
 #    -DPIO_FRAMEWORK_ARDUINO_LWIP2_LOW_MEMORY       = v2 Lower Memory
 #    -DPIO_FRAMEWORK_ARDUINO_LWIP2_HIGHER_BANDWIDTH = v2 Higher Bandwidth
+#
+# BearSSL ciphers:
+#   When building on core >= 2.5, you can add the build flag -DBEARSSL_SSL_BASIC in order to build BearSSL with a limited set of ciphers:
+#     TLS_RSA_WITH_AES_128_CBC_SHA256 / AES128-SHA256
+#     TLS_RSA_WITH_AES_256_CBC_SHA256 / AES256-SHA256
+#     TLS_RSA_WITH_AES_128_CBC_SHA / AES128-SHA
+#     TLS_RSA_WITH_AES_256_CBC_SHA / AES256-SHA
+#  This reduces the OTA size with ~45KB, so it's especially useful on low memory boards (512k/1m).
 # ------------------------------------------------------------------------------
 board_1m = esp01_1m
 board_2m = esp_wroom_02