gtpc1m66 | Transmission Control Protocol/Internet Protocol |
The SSL_set_cipher_list function sets the ciphers for use by a
specific Secure Sockets Layer (SSL) session that is started using
the specified SSL structure.
Format
#include <openssl/ssl.h>
int SSL_set_cipher_list(SSL *ssl, const char *str)
- ssl
- A pointer to a token returned on the SSL_new call.
- str
- A pointer to a string that contains one or more ciphers separated by a
colon, comma, or blank. The maximum length is 255 characters.
You must specify the ciphers in order of preference from highest to
lowest. The TPF system supports the following SSL version 3 and
Transport Layer Security (TLS) version 1 ciphers that are used by the
Rivest-Shamir-Adleman (RSA) key exchange:
- NULL-MD5
- No data encryption; MD5 for message integrity.
- NULL-SHA
- No data encryption; SHA for message integrity.
- EXP-RC4-MD5
- Export RC4 (40-bit key) for data encryption; MD5 for message
integrity.
- RC4-MD5
- RC4 (128-bit key) for data encryption; MD5 for message
integrity.
- RC4-SHA
- RC4 (128-bit key) for data encryption; SHA for message
integrity.
- EXP-RC2-CBC-MD5
- Export RC2 (40-bit key) for data encryption; MD5 for message
integrity.
- EXP-DES-CBC-SHA
- Export DES (40-bit key) for data encryption; SHA for message
integrity.
- DES-CBC-SHA
- DES (56-bit key) for data encryption; SHA for message
integrity.
- DES-CBC3-SHA
- Triple-DES (168-bit key) for data encryption; SHA for message
integrity.
The TPF system supports the following SSL version 2 ciphers that are used
by the RSA key exchange:
- RC4-MD5
- RC4 (128-bit key) for data encryption; MD5 for message
integrity.
- EXP-RC4-MD5
- Export RC4 (40-bit key) for data encryption; MD5 for message
integrity.
- RC2-CBC-MD5
- RC2 (128-bit key) for data encryption; MD5 for message
integrity.
- EXP-RC2-CBC-MD5
- Export RC2 (40-bit key) for data encryption; MD5 for message
integrity.
- DES-CBC-MD5
- DES (56-bit key) for data encryption; MD5 for message
integrity.
- DES-CBC3-MD5
- Triple-DES (168-bit key) for data encryption; MD5 for message
integrity.
Normal Return
Return code 1 indicates that the function was successful.
Error Return
A return code equal to 0 indicates an error.
Programming Considerations
- When an SSL structure is first created using the SSL_new
function, the structure inherits the cipher list assigned to the context (CTX)
structure that was used to create the SSL structure. The
SSL_set_cipher_list function overrides that cipher list for a
specific SSL structure.
- If you are assigning many SSL sessions to the same CTX structure and each
session will use the same cipher list, issue the
SSL_CTX_set_cipher_list function once to assign the cipher list to
the CTX structure rather than issuing the SSL_set_cipher_list
function once for each SSL session.
- If you start an SSL session without issuing the
SSL_CTX_set_cipher_list or the SSL_set_cipher_list
function, the system default cipher list is used.
The default ciphers for SSL version 2 are:
- DES-CBC-MD5
- DES-CBC3-MD5
- EXP-RC2-CBC-MD5
- EXP-RC4-MD5
- RC2-CBC-MD5
- RC4-MD5
The default ciphers for SSL version 3 are:
- DES-CBC-SHA
- DES-CBC3-SHA
- EXP-DES-CBC-SHA
- EXP-RC2-CBC-MD5
- EXP-RC4-MD5
- RC4-SHA
The default ciphers for TLS version 1 are:
- DES-CBC3-SHA
- DES-CBC-SHA
- EXP-DES-CBC-SHA
- EXP-RC2-CBC-MD5
- EXP-RC4-MD5
- RC4-MD5
- RC4-SHA
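As an added example (not IBM's or the TPF system's code), the following C function pre-checks a cipher string against the separator rule, the 255-character limit and the cipher names listed above before the string is passed to SSL_set_cipher_list. The names check_cipher_list, TPF_CIPHERS and the CL_* codes, and the 128-bit minimum key size, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Cipher names listed on this page, with the key size in bits that the
   page gives for each (0 = no data encryption). */
struct cipher { const char *name; int bits; };
static const struct cipher TPF_CIPHERS[] = {
    {"NULL-MD5", 0}, {"NULL-SHA", 0}, {"EXP-RC4-MD5", 40},
    {"RC4-MD5", 128}, {"RC4-SHA", 128}, {"EXP-RC2-CBC-MD5", 40},
    {"EXP-DES-CBC-SHA", 40}, {"DES-CBC-SHA", 56}, {"DES-CBC3-SHA", 168},
    {"RC2-CBC-MD5", 128}, {"DES-CBC-MD5", 56}, {"DES-CBC3-MD5", 168},
};
enum { CL_OK = 0, CL_TOO_LONG, CL_EMPTY, CL_UNKNOWN, CL_WEAK };
#define MIN_BITS 128   /* assumed local policy, not a TPF rule */

/* Validate str before calling SSL_set_cipher_list(). On CL_UNKNOWN or
   CL_WEAK the offending name is copied into bad (truncated to fit). */
int check_cipher_list(const char *str, char *bad, size_t badlen)
{
    size_t len = strlen(str), i = 0, n, k, count = 0;
    const size_t ncipher = sizeof TPF_CIPHERS / sizeof TPF_CIPHERS[0];
    if (badlen) bad[0] = '\0';
    if (len > 255) return CL_TOO_LONG;        /* documented maximum */
    while (i < len) {
        i += strspn(str + i, ":, ");          /* colon, comma or blank */
        n = strcspn(str + i, ":, ");          /* length of next name */
        if (n == 0) break;
        for (k = 0; k < ncipher; k++)
            if (strlen(TPF_CIPHERS[k].name) == n &&
                memcmp(TPF_CIPHERS[k].name, str + i, n) == 0) break;
        if (badlen) {
            size_t c = n < badlen - 1 ? n : badlen - 1;
            memcpy(bad, str + i, c); bad[c] = '\0';
        }
        if (k == ncipher) return CL_UNKNOWN;  /* not in the lists above */
        if (TPF_CIPHERS[k].bits < MIN_BITS) return CL_WEAK;
        count++; i += n;
    }
    if (badlen) bad[0] = '\0';
    return count ? CL_OK : CL_EMPTY;
}

int main(void)
{
    char bad[32];   /* the list below is a constructed sample input */
    int rc = check_cipher_list("DES-CBC3-SHA:DES-CBC-SHA:RC4-SHA", bad, sizeof bad);
    printf("rc=%d offending=%s\n", rc, bad);
    return 0;
}
```

The check looks only at the key sizes stated in the cipher descriptions above; it does not assess the cipher or hash algorithm itself.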
Examples
For sample SSL applications, go to http://www.ibm.com/tpf/pubs/tpfpubs.htm,
click SSL for the TPF 4.1 System: An Online User's
Guide, and click Examples from the left navigation
bar.