# Deprecated - Use [LibreSSL Portable](http://www.libressl.org/releases.html) instead
# OpenSSL Configure Options (1.0.1e)
## Standard party line
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw]
[[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm]
[no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity]
os/compiler[:flags]
## Raw list
$ grep -r '^#if.*OPENSSL_NO' . | grep -o 'OPENSSL_NO_[a-zA-Z0-9_]*' | sort -u | sed 's/OPENSSL_//' | tr '[A-Z_]' '[a-z-]'
no-aes
no-algorithms
no-asm
no-bf
no-bio
no-buffer
no-buf-freelists
no-camellia
no-capieng
no-cast
no-chain-verify
no-cms
no-comp
no-decc-init
no-deprecated
no-des
no-descbcm
no-dgram
no-dh
no-dsa
no-dtls1
no-dynamic-engine
no-ec
no-ec2m
no-ecdh
no-ecdsa
no-ec-nistp-64-gcc-128
no-engine
no-err
no-evp
no-fp-api
no-gmp
no-gost
no-hash-comp
no-heartbeats
no-hmac
no-hw
no-hw-4758-cca
no-hw-aep
no-hw-atalla
no-hw-chil
no-hw-cswift
no-hw-ibmca
no-hw-ncipher
no-hw-nuron
no-hw-padlock
no-hw-sureware
no-hw-ubsec
no-hw-zencod
no-idea
no-inline-asm
no-jpake
no-krb5
no-lhash
no-locking
no-md2
no-md4
no-md5
no-mdc2
no-multibyte
no-nextprotoneg
no-object
no-ocsp
no-posix-io
no-psk
no-rc2
no-rc4
no-rc5
no-rdrand
no-rfc3779
no-ripemd
no-ripemd160
no-rmd160
no-rsa
no-rsax
no-sctp
no-seed
no-setvbuf-ionbf
no-sha
no-sha0
no-sha1
no-sha256
no-sha512
no-sock
no-speed
no-srp
no-srtp
no-ssl2
no-ssl3
no-ssl-intern
no-stack
no-static-engine
no-stdio
no-store
no-tls
no-tls1
no-tls1-2-client
no-tlsext
no-whirlpool
no-x509
no-x509-verify
## Full list
\* Default
- ec - Elliptic curve support*
- no-ec - No Elliptic curve support
- ecdsa - *
- no-ecdsa
- ecdh - *
- no-ecdh
- no-ec2m
- no-mdc2
- no-idea - No International Data Encryption Algorithm (IDEA)
- no-deprecated
- no-capieng
- no-chain-verify
- no-cms
- no-comp
- no-decc-init
- no-dgram
- no-engine - No runtime-loadable engines
- no-dynamic-engine
- fips - *
- no-fips
- dh - With Diffie-Hellman*
- no-dh - Without Diffie-Hellman*
- des - With DES support.*
- no-des - No DES support. Note: `make test` will fail
- no-descbcm
- no-bf - No Blowfish
- no-dsa - No DSA
- no-rsa - No RSA
- aes - AES *
- no-aes - No AES
- gmp - With GNU Multi-Precision Library
- no-gmp - No GNU Multi-Precision Library *
- no-camellia - No Camellia
- no-cast - No CAST
- no-seed - No SEED
- gost - *
- no-gost - No GOST (as an engine, force disabled if no-engine)
- rfc3779 -
- no-rfc3779 - *
- md2
- no-md2 - *
- no-md4
- no-md5
- no-rc2
- no-rc4
- rc5
- no-rc5 - *
- no-hmac
- no-ocsp - No revocation checking via Online Certificate Status Protocol (OCSP)
- no-x509 - No certificate support
- no-whirlpool
- no-tls
- no-tls1
- no-dtls1
- no-tls1-2-client
- ssl2 *
- no-ssl2 - Probably a good idea
- ssl3 *
- no-ssl3 - Maybe needed if too many legacy ciphers / digests are disabled
- no-srp
- no-srtp
- no-sha0
- no-sha1
- no-sha
- no-sha256
- no-sha512
- no-rmd160
- no-rnrand
- no-store -
- enable-\<cipher\>
- enable-ec_nistp_64_gcc_128
- experimental-\<cipher\>
- experimental-jpake
- no-jpake - *
- -Dxxx - Define xxx
- -lxxx - Link against library xxx
- -Lxxx - Search path xxx for libraries to link against
- -fxxx - Enable compiler feature xxx
- -Kxxx
- hw - *
- no-hw - No external hardware (ie HSM) support
- threads - Build threaded openssl*
- no-threads - Build single-threaded openssl
- shared - *
- no-shared -
- no-zlib - *
- no-zlib-dynamic - *
- zlib - May enable CRIME and BEAST attacks.
- zlib-dynamic - May enable CRIME and BEAST attacks.
- no-asm - No assembly
- no-dso - No shared libraries
- krb5 - Build with Kerberos v5 support
- no-krb5 - Build without Kerberos v5 support*
- sctp - Build with SCTP support (an IP protocol)
- no-sctp - Build without SCTP support (an IP protocol)*
- 386
- --prefix
- --openssldir
- --test-sanity
- os/compiler
- darwin-i386-cc - OSX 32-bit
- darwin64-x86_64-cc - OSX 64-bit