Pike v8.1 release 6

Class SSL.Cipher.CipherSpec

Description

Cipher specification.


Variable bulk_cipher_algorithm

program SSL.Cipher.CipherSpec.bulk_cipher_algorithm

Description

The algorithm to use for the bulk of the transfered data.


Variable explicit_iv_size

int SSL.Cipher.CipherSpec.explicit_iv_size

Description

The number of bytes of explicit data needed for initialization vectors. This is used by AEAD ciphers in TLS 1.2, where there's a secret part of the iv "salt" of length iv_size, and an explicit part that is sent in the clear.

This is usually bulk_cipher_algorithm->iv_size() - iv_size, but may be set to zero to just have the sequence number expanded to the same size as an implicit iv. This is used by the suites with Crypto.ChaCha20.POLY1305.


Variable hash

Crypto.Hash SSL.Cipher.CipherSpec.hash

Description

The hash algorithm for signing the handshake.

Usually the same hash as is the base for the prf.

Note

Only used in TLS 1.2 and later.


Variable hash_size

int SSL.Cipher.CipherSpec.hash_size

Description

The number of bytes in the MAC hashes.


Variable is_exportable

int SSL.Cipher.CipherSpec.is_exportable

Description

Indication whether the combination uses strong or weak (aka exportable) crypto.


Variable iv_size

int SSL.Cipher.CipherSpec.iv_size

Description

The number of bytes of random data needed for initialization vectors.


Variable ke_factory

program SSL.Cipher.CipherSpec.ke_factory

Description

Key exchange factory.


Variable key_bits

int SSL.Cipher.CipherSpec.key_bits

Description

The effective number of bits in key_material.

This is typically key_material * 8, but for eg DES this is key_material * 7.


Variable key_material

int SSL.Cipher.CipherSpec.key_material

Description

The number of bytes of key material used on initialization.


Variable mac_algorithm

program SSL.Cipher.CipherSpec.mac_algorithm

Description

The Message Authentication Code to use for the packets.


Variable max_bytes

int SSL.Cipher.CipherSpec.max_bytes

Description

The number of bytes that is safe to send before we must renegotiate the keys.


Variable prf

function(string(8bit), string(8bit), string(8bit), int:string(8bit)) SSL.Cipher.CipherSpec.prf

Description

The Pseudo Random Function to use.

See also

prf_ssl_3_0(), prf_tls_1_0(), prf_tls_1_2()


Variable signature_alg

SignatureAlgorithm SSL.Cipher.CipherSpec.signature_alg

Description

The signature algorithm used for key exchange signatures.


Variable signature_hash

HashAlgorithm SSL.Cipher.CipherSpec.signature_hash

Description

The hash algorithm used for key exchange signatures.