build-wolfssl: Allow a broader range of ciphers (Visual Studio)

This is an update to the build-time options used to build wolfSSL in
Visual Studio for greater compatibility, and make it behave similar to
the way OpenSSL 1.0.2 behaves. Starting in wolfSSL v3.6.6 static ciphers
and SSLv3 are disabled by default at build time, but we can use both.

- Enable static cipher suites TLS_ECDH_ and TLS_RSA_.

- Enable SSLv3 hello. Though in libcurl we disable it by default at
runtime, we make it available so the user can manually select it if
necessary.

projects/wolfssl_options.h

@@ -5,27 +5,42 @@ To remedy this issue for libcurl I've generated this options file that
 build-wolfssl will copy to the wolfSSL include directories and will result in
 maximum compatibility.
 
-These configure flags were used in MinGW to generate the options in this file:
+These are the configure options that were used to build wolfSSL v3.9.0 in mingw
+and generate the options in this file:
 
---enable-opensslextra
+C_EXTRA_FLAGS="\
---enable-aesgcm
+  -Wno-attributes \
---enable-ripemd
+  -Wno-unused-but-set-variable \
---enable-sha512
+  -DFP_MAX_BITS=16384 \
---enable-dh
+  -DTFM_TIMING_RESISTANT \
---enable-dsa
+  -DWOLFSSL_STATIC_DH \
---enable-ecc
+  -DWOLFSSL_STATIC_RSA \
---enable-sni
+  " \
---enable-fastmath
+./configure --prefix=/usr/local \
---enable-sessioncerts
+  --enable-aesgcm \
---enable-certgen
+  --enable-alpn \
---enable-testcert
+  --enable-certgen \
---enable-alpn
+  --enable-dh \
-C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT"
+  --enable-dsa \
+  --enable-ecc \
+  --enable-fastmath \
+  --enable-opensslextra \
+  --enable-ripemd \
+  --enable-sessioncerts \
+  --enable-sha512 \
+  --enable-sni \
+  --enable-sslv3 \
+  --enable-testcert \
+  > config.out 2>&1
 
 Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
-are inapplicable for our Visual Studio build.
+are inapplicable for our Visual Studio build. Currently thread local storage is
+only used by the Fixed Point cache ECC which we're not enabling. However even
+if we later may decide to enable the cache it will fallback on mutexes when
+thread local storage is not available. wolfSSL is using __declspec(thread) to
+create the thread local storage and that could be a problem for LoadLibrary.
 
-Regarding the two options that were added via C_EXTRA_FLAGS:
+Regarding the options that were added via C_EXTRA_FLAGS:
 
 FP_MAX_BITS=16384
 http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
@@ -38,6 +53,11 @@ https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
 From section 2.4.5 Increasing Performance, USE_FAST_MATH:
 "Because the stack memory usage can be larger when using fastmath, we recommend
 defining TFM_TIMING_RESISTANT as well when using this option."
+
+WOLFSSL_STATIC_DH:    Allow TLS_ECDH_ ciphers
+WOLFSSL_STATIC_RSA:   Allow TLS_RSA_ ciphers
+https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
+Static key cipher suites are deprecated and disabled by default since v3.6.6.
 */
 
 /* wolfssl options.h
@@ -49,7 +69,9 @@ defining TFM_TIMING_RESISTANT as well when using this option."
  *
  */
 
-#pragma once
+#ifndef WOLFSSL_OPTIONS_H
+#define WOLFSSL_OPTIONS_H
+
 
 #ifdef __cplusplus
 extern "C" {
@@ -61,6 +83,12 @@ extern "C" {
 #undef  TFM_TIMING_RESISTANT
 #define TFM_TIMING_RESISTANT
 
+#undef  WOLFSSL_STATIC_DH
+#define WOLFSSL_STATIC_DH
+
+#undef  WOLFSSL_STATIC_RSA
+#define WOLFSSL_STATIC_RSA
+
 #undef  OPENSSL_EXTRA
 #define OPENSSL_EXTRA
 
@@ -91,15 +119,12 @@ extern "C" {
 #undef  ECC_SHAMIR
 #define ECC_SHAMIR
 
-#undef  NO_PSK
+#undef  WOLFSSL_ALLOW_SSLV3
-#define NO_PSK
+#define WOLFSSL_ALLOW_SSLV3
 
 #undef  NO_RC4
 #define NO_RC4
 
-#undef  NO_MD4
-#define NO_MD4
-
 #undef  NO_HC128
 #define NO_HC128
 
@@ -124,16 +149,32 @@ extern "C" {
 #undef  HAVE_SNI
 #define HAVE_SNI
 
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef  HAVE_ALPN
+#define HAVE_ALPN
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
 #undef  WOLFSSL_TEST_CERT
 #define WOLFSSL_TEST_CERT
 
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
 #undef  USE_FAST_MATH
 #define USE_FAST_MATH
 
-#undef  HAVE_ALPN
-#define HAVE_ALPN
 
 #ifdef __cplusplus
 }
 #endif
 
+
+#endif /* WOLFSSL_OPTIONS_H */
+