generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Updated explanation.

Browse Source
This commit is contained in:
Lutz Jänicke 2001-07-20 19:23:43 +00:00
parent 2d3b6a5be7
commit 6d3dec92fb
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
doc/ssl/SSL_CTX_set_cipher_list.pod
View File

@ -34,9 +34,22 @@ a necessary condition. On the client side, the inclusion into the list is
also sufficient. On the server side, additional restrictions apply. All ciphers also sufficient. On the server side, additional restrictions apply. All ciphers
have additional requirements. ADH ciphers don't need a certificate, but have additional requirements. ADH ciphers don't need a certificate, but
DH-parameters must have been set. All other ciphers need a corresponding DH-parameters must have been set. All other ciphers need a corresponding
certificate and key. A RSA cipher can only be chosen, when a RSA certificate is certificate and key.
available, the respective is valid for DSA ciphers. Ciphers using EDH need
a certificate and key and DH-parameters. A RSA cipher can only be chosen, when a RSA certificate is available.
RSA export ciphers with a keylength of 512 bits for the RSA key require
a temporary 512 bit RSA key, as typically the supplied key has a length
of 1024 bit. RSA ciphers using EDH need a certificate and key and
additional DH-parameters.
A DSA cipher can only be chosen, when a DSA certificate is available.
DSA ciphers always use DH key exchange and therefore need DH-parameters.
When these conditions are not met for any cipher in the list (e.g. a
client only supports export RSA ciphers with a asymmetric key length
of 512 bits and the server is not configured to use temporary RSA
keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
and the handshake will fail.
=head1 RETURN VALUES =head1 RETURN VALUES