Method SSL.Context()->get_suites()
- Method get_suites
array
(int
) get_suites(int(-1..)
|void
min_keylength
,int(0..2)
|void
ke_mode
,multiset
(int
)|void
blacklisted_ciphers
,multiset
(KeyExchangeType
)|void
blacklisted_kes
,multiset
(HashAlgorithm
)|void
blacklisted_hashes
,multiset
(CipherModes
)|void
blacklisted_ciphermodes
)- Description
Get the prioritized list of supported cipher suites that satisfy the requirements.
- Parameter
min_keylength
Minimum supported effective keylength in bits. Defaults to
128
. Specify-1
to enable null ciphers.- Parameter
ke_mode
Level of protection for the key exchange.
0
Require forward secrecy (ephemeral keys).
1
Also allow certificate based key exchanges.
2
Also allow anonymous server key exchange. Note that this allows for man in the middle attacks.
- Parameter
blacklisted_ciphers
Multiset of ciphers that are NOT to be used. By default RC4, DES and export ciphers are blacklisted. An empty multiset needs to be given to unlock these.
- Parameter
blacklisted_kes
Multiset of key exchange methods that are NOT to be used.
- Parameter
blacklisted_hashes
Multiset of hash algoriths that are NOT to be used.
- Parameter
blacklisted_ciphermodes
Multiset of cipher modes that are NOT to be used.
- Note
The list of suites is also filtered on the current settings of min_version and max_version.
- Note
Note that the effective keylength may differ from the actual keylength for old ciphers where there are known attacks.