Pike v8.1 release 6

Method SSL.Context()->configure_suite_b()


Method configure_suite_b

void configure_suite_b(int(128..)|void min_keylength, int(0..)|void strictness_level)

Description

Configure the context for Suite B compliant operation.

This restricts the context to the cipher suites specified by RFC 6460 in strict mode.

Additional suites may be enabled, but they will only be selected if a Suite B suite isn't available.

Parameter min_keylength

Minimum supported key length in bits. Either 128 or 192.

Parameter strictness_level

Allow additional suites.

(2..)

Strict mode.

Allow only the Suite B suites from RFC 6460 and TLS 1.2.

1

Transitional mode.

Also allow the transitional suites from RFC 5430 for use with TLS 1.0 and 1.1.

0

Permissive mode (default).

Also allow other suites that conform to the minimum key length.

Note

This function is only present when Suite B compliant operation is possible (ie both elliptic curves and GCM are available).

Note

Note also that for Suite B server operation compliant certificates need to be added with add_cert().

See also

get_suites()