X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=lib%2Fopenssl%2Fdoc%2Fssl%2FSSL_CTX_set_cipher_list.pod;h=4e66917bab8d504b2be5bab2a7c503759c27016e;hb=02ed66432c92de70694700164f986190aad3cbc5;hp=bd4df4abd461556300709bbe94ac3a407a46d442;hpb=89016837dcbf2775cd15dc8cbaba00dc6379f86e;p=cassiopeia.git diff --git a/lib/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod b/lib/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod index bd4df4a..4e66917 100644 --- a/lib/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod +++ b/lib/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod @@ -15,7 +15,7 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available SSL_CIPH SSL_CTX_set_cipher_list() sets the list of available ciphers for B using the control string B. The format of the string is described -in L. The list of ciphers is inherited by all +in L. The list of ciphers is inherited by all B objects created from B. SSL_set_cipher_list() sets the list of ciphers only for B. 
@@ -31,33 +31,25 @@ at all. It should be noted, that inclusion of a cipher to be used into the list is a necessary condition. On the client side, the inclusion into the list is -also sufficient. On the server side, additional restrictions apply. All ciphers -have additional requirements. ADH ciphers don't need a certificate, but -DH-parameters must have been set. All other ciphers need a corresponding -certificate and key. +also sufficient unless the security level excludes it. On the server side, +additional restrictions apply. All ciphers have additional requirements. +ADH ciphers don't need a certificate, but DH-parameters must have been set. +All other ciphers need a corresponding certificate and key. A RSA cipher can only be chosen, when a RSA certificate is available. -RSA export ciphers with a keylength of 512 bits for the RSA key require -a temporary 512 bit RSA key, as typically the supplied key has a length -of 1024 bit (see -L). -RSA ciphers using EDH need a certificate and key and additional DH-parameters -(see L). +RSA ciphers using DHE need a certificate and key and additional DH-parameters +(see L). A DSA cipher can only be chosen, when a DSA certificate is available. DSA ciphers always use DH key exchange and therefore need DH-parameters -(see L). +(see L). When these conditions are not met for any cipher in the list (e.g. a -client only supports export RSA ciphers with a asymmetric key length +client only supports export RSA ciphers with an asymmetric key length of 512 bits and the server is not configured to use temporary RSA keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated and the handshake will fail. -If the cipher list does not contain any SSLv2 cipher suites (this is the -default) then SSLv2 is effectively disabled and neither clients nor servers -will attempt to use SSLv2. - =head1 RETURN VALUES SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher 
@@ -65,10 +57,18 @@ could be selected and 0 on complete failure. =head1 SEE ALSO -L, L, -L, -L, -L, -L +L, L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. =cut
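Review bot: In the @@ -31,33 +31,25 @@ hunk, the "When these conditions are not met" paragraph still uses the example of a client that only supports export RSA ciphers with a 512-bit key and a server not configured to use temporary RSA keys, yet the same hunk deletes the paragraph that explained the temporary 512 bit RSA key requirement. Fixing "a asymmetric" to "an asymmetric" keeps an example whose explanation is no longer on the page. Suggest replacing it with a case the remaining text still documents, for example a DHE or DSA cipher offered while no DH-parameters have been set, or an RSA cipher offered to a server that has no RSA certificate.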
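Review bot: In the @@ -65,10 +57,18 @@ hunk, SEE ALSO shrinks from six entries to five, while the preceding hunk adds "unless the security level excludes it" to the client-side sentence without any cross-reference. If none of the five remaining entries documents how the security level is set, add that page here, so a reader who finds a listed cipher is not negotiated can locate the setting that excluded it.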