Index Index for
Section 3
Index Alphabetical
listing for S
Bottom of page Bottom of
page		 

SSL_CTX_set_cipher_list(3)


NAME

  SSL_CTX_set_cipher_list, SSL_set_cipher_list - Choose list of available
  SSL_CIPHERs


SYNOPSIS

  #include <openssl/ssl.h>

  int SSL_CTX_set_cipher_list(
	  SSL_CTX *ctx,
	  const char *str );

  int SSL_set_cipher_list(
	  SSL *ssl,
	  const char *str );


DESCRIPTION

  The SSL_CTX_set_cipher_list() function sets the list of available ciphers
  for ctx using the control string str. The format of the string is described
  in ciphers(1). The list of ciphers is inherited by all ssl objects created
  from ctx.

  The SSL_set_cipher_list() function sets the list of ciphers only for ssl.


NOTES

  The control string str should be universally usable and not depend on
  details of the library configuration (ciphers compiled in).  Thus no syntax
  checking takes place. Items that are not recognized, because the
  corresponding ciphers are not compiled in or because they are mistyped, are
  ignored. Failure is only flagged if no ciphers could be collected.

  Inclusion of a cipher to be used into the list is a necessary condition.
  On the client side, the inclusion into the list is also sufficient. On the
  server side, additional restrictions apply. All ciphers have additional
  requirements.	 ADH ciphers do not need a certificate, but DH-parameters
  must have been set.  All other ciphers need a corresponding certificate and
  key.

  An RSA cipher can only be chosen when an RSA certificate is available.  RSA
  export ciphers with a keylength of 512 bits. The RSA key requires a
  temporary 512-bit RSA key, and typically the supplied key has a length of
  1024 bit.  (See SSL_CTX_set_tmp_rsa_callback(3)).  RSA ciphers using EDH
  need a certificate and key and additional DH-parameters. (See
  SSL_CTX_set_tmp_dh_callback(3)).

  A DSA cipher can only be chosen when a DSA certificate is available.	DSA
  ciphers always use DH key exchange and therefore need DH-parameters.	(See
  SSL_CTX_set_tmp_dh_callback(3)).

  When these conditions are not met for any cipher in the list (e.g. a client
  only supports export RSA ciphers with an asymmetric key length of 512	 bits
  and the server is not configured to use temporary RSA keys), the
  SSL_R_NO_SHARED_CIPHER error is generated and the handshake will fail.


RETURN VALUES

  The SSL_CTX_set_cipher_list() and SSL_set_cipher_list() functions return 1
  if any cipher could be selected and 0 on complete failure.


SEE ALSO

  Commands: ciphers(1)

  Functions: ssl(3), SSL_get_ciphers(3), SSL_CTX_use_certificate(3),
  SSL_CTX_set_tmp_rsa_callback(3), SSL_CTX_set_tmp_dh_callback(3)

Index Index for
Section 3
Index Alphabetical
listing for S
Top of page Top of
page