Pike v8.1 release 6

Method SSL.Context()->get_suites()


Method get_suites

array(int) get_suites(int(-1..)|void min_keylength, int(0..2)|void ke_mode, multiset(int)|void blacklisted_ciphers, multiset(KeyExchangeType)|void blacklisted_kes, multiset(HashAlgorithm)|void blacklisted_hashes, multiset(CipherModes)|void blacklisted_ciphermodes)

Description

Get the prioritized list of supported cipher suites that satisfy the requirements.

Parameter min_keylength

Minimum supported effective keylength in bits. Defaults to 128. Specify -1 to enable null ciphers.

Parameter ke_mode

Level of protection for the key exchange.

0

Require forward secrecy (ephemeral keys).

1

Also allow certificate based key exchanges.

2

Also allow anonymous server key exchange. Note that this allows for man in the middle attacks.

Parameter blacklisted_ciphers

Multiset of ciphers that are NOT to be used. By default RC4, DES and export ciphers are blacklisted. An empty multiset needs to be given to unlock these.

Parameter blacklisted_kes

Multiset of key exchange methods that are NOT to be used.

Parameter blacklisted_hashes

Multiset of hash algoriths that are NOT to be used.

Parameter blacklisted_ciphermodes

Multiset of cipher modes that are NOT to be used.

Note

The list of suites is also filtered on the current settings of min_version and max_version.

Note

Note that the effective keylength may differ from the actual keylength for old ciphers where there are known attacks.