
SSL_CTX_set_cipher_list(3)

NAME

       SSL_CTX_set_cipher_list, SSL_set_cipher_list - Choose list
       of available SSL_CIPHERs

SYNOPSIS

       #include <openssl/ssl.h>

       int SSL_CTX_set_cipher_list(
               SSL_CTX *ctx,
               const char *str );

       int SSL_set_cipher_list(
               SSL *ssl,
               const char *str );

DESCRIPTION

       The SSL_CTX_set_cipher_list() function sets  the  list  of
       available  ciphers  for  ctx using the control string str.
       The format of the string is described in  ciphers(1).  The
       list  of  ciphers  is inherited by all ssl objects created
       from ctx.

       The  SSL_set_cipher_list()  function  sets  the  list   of
       ciphers only for ssl.

NOTES

       The control string str should be universally usable and
       not depend on details of the library configuration
       (ciphers compiled in). Thus no syntax checking takes
       place. Items that are not recognized, because the
       corresponding ciphers are not compiled in or because they
       are mistyped, are ignored. Failure is only flagged if no
       ciphers could be collected.

       Inclusion of a cipher to be used into the list is a
       necessary condition. On the client side, the inclusion
       into the list is also sufficient. On the server side,
       additional restrictions apply. All ciphers have additional
       requirements. ADH ciphers do not need a certificate, but
       DH-parameters must have been set. All other ciphers need
       a corresponding certificate and key.

       An RSA cipher can only be chosen when an RSA certificate
       is available. RSA export ciphers with a key length of 512
       bits for the RSA key require a temporary 512-bit RSA key,
       because typically the supplied key has a length of 1024
       bits. (See SSL_CTX_set_tmp_rsa_callback(3)). RSA ciphers
       using EDH need a certificate and key and additional
       DH-parameters. (See SSL_CTX_set_tmp_dh_callback(3)).

       A DSA cipher can only be chosen when a DSA certificate is
       available. DSA ciphers always use DH key exchange and
       therefore need DH-parameters. (See
       SSL_CTX_set_tmp_dh_callback(3)).

       When these conditions are not met for any cipher in the
       list (e.g. a client only supports export RSA ciphers with
       an asymmetric key length of 512 bits and the server is
       not configured to use temporary RSA keys), the
       SSL_R_NO_SHARED_CIPHER error is generated and the
       handshake will fail.



RETURN VALUES

       The  SSL_CTX_set_cipher_list()  and  SSL_set_cipher_list()
       functions return 1 if any cipher could be selected  and  0
       on complete failure.
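
       Because unrecognized items are ignored and failure is only
       flagged when nothing is collected, a mistyped control string
       can be accepted without any error. The added example below
       (not part of the original man page) audits a string through
       Python's ssl module, whose SSLContext.set_ciphers() hands the
       string to SSL_CTX_set_cipher_list(); the helper names and both
       sample strings are constructed, and results depend on the
       ciphers compiled into the local library.

```python
import re
import ssl

# Constructed sample control strings (not from the man page).
TYPO_STRING = "ECDHE-RSA-AES128-GCM-SHA256:AES256-SHAA"  # second item mistyped
ALL_BAD_STRING = "AES256-SHAA:NOT-A-CIPHER"              # nothing recognizable


def _apply(ctrl):
    """Apply ctrl to a fresh context; return cipher names, or None on failure."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(ctrl)  # raises SSLError when no cipher could be selected
    except ssl.SSLError:
        return None
    # Newer libraries may also list TLS 1.3 suites, which this string
    # format does not control.
    return [c["name"] for c in ctx.get_ciphers()]


def audit_cipher_string(ctrl):
    """Report whether ctrl is accepted and which plain items select nothing."""
    effective = _apply(ctrl)
    items = [i for i in re.split(r"[:, ]+", ctrl) if i]
    # Items starting with !, -, + or @ only modify the list, so probing them
    # alone would always fail; only plain items are checked one by one.
    plain = [i for i in items if i[0] not in "!-+@"]
    return {
        "accepted": effective is not None,
        "effective": effective or [],
        # Mistyped or not compiled in: the library does not say which.
        "selects_nothing": [i for i in plain if _apply(i) is None],
    }


if __name__ == "__main__":
    for s in (TYPO_STRING, ALL_BAD_STRING):
        print(s, "->", audit_cipher_string(s))
```

       Comparing "effective" against the intended policy at startup
       catches a typo that the return value alone would not reveal.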

SEE ALSO

       Commands: ciphers(1)

       Functions: ssl(3), SSL_get_ciphers(3),
       SSL_CTX_use_certificate(3), SSL_CTX_set_tmp_rsa_callback(3),
       SSL_CTX_set_tmp_dh_callback(3)


