2014-03-29 00:40:56 +08:00
|
|
|
=pod
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data - SSL/TLS security framework
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
|
|
|
|
void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
|
|
|
|
void SSL_set_security_level(SSL *s, int level);
|
|
|
|
|
|
|
|
int SSL_CTX_get_security_level(const SSL_CTX *ctx);
|
|
|
|
int SSL_get_security_level(const SSL *s);
|
|
|
|
|
|
|
|
void SSL_CTX_set_security_callback(SSL_CTX *ctx,
|
2017-01-21 02:58:49 +08:00
|
|
|
int (*cb)(SSL *s, SSL_CTX *ctx, int op,
|
|
|
|
int bits, int nid,
|
|
|
|
void *other, void *ex));
|
|
|
|
|
|
|
|
void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op,
|
|
|
|
int bits, int nid,
|
|
|
|
void *other, void *ex));
|
|
|
|
|
|
|
|
int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op,
|
|
|
|
int bits, int nid, void *other,
|
|
|
|
void *ex);
|
|
|
|
int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op,
|
|
|
|
int bits, int nid, void *other,
|
|
|
|
void *ex);
|
2014-03-29 00:40:56 +08:00
|
|
|
|
|
|
|
void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
|
|
|
|
void SSL_set0_security_ex_data(SSL *s, void *ex);
|
|
|
|
|
|
|
|
void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
|
|
|
|
void *SSL_get0_security_ex_data(const SSL *s);
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
The functions SSL_CTX_set_security_level() and SSL_set_security_level() set
|
2015-04-14 00:48:06 +08:00
|
|
|
the security level to B<level>. If not set the library default security level
|
2014-03-29 00:40:56 +08:00
|
|
|
is used.
|
|
|
|
|
|
|
|
The functions SSL_CTX_get_security_level() and SSL_get_security_level()
|
|
|
|
retrieve the current security level.
|
|
|
|
|
|
|
|
SSL_CTX_set_security_callback(), SSL_set_security_callback(),
|
|
|
|
SSL_CTX_get_security_callback() and SSL_get_security_callback() get or set
|
|
|
|
the security callback associated with B<ctx> or B<s>. If not set a default
|
|
|
|
security callback is used. The meaning of the parameters and the behaviour
|
|
|
|
of the default callbacks is described below.
|
|
|
|
|
|
|
|
SSL_CTX_set0_security_ex_data(), SSL_set0_security_ex_data(),
|
|
|
|
SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() set the
|
|
|
|
extra data pointer passed to the B<ex> parameter of the callback. This
|
|
|
|
value is passed to the callback verbatim and can be set to any convenient
|
|
|
|
application specific value.
|
|
|
|
|
|
|
|
=head1 DEFAULT CALLBACK BEHAVIOUR
|
|
|
|
|
2016-03-20 23:51:06 +08:00
|
|
|
If an application doesn't set its own security callback the default
|
2014-03-29 00:40:56 +08:00
|
|
|
callback is used. It is intended to provide sane defaults. The meaning
|
|
|
|
of each level is described below.
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item B<Level 0>
|
|
|
|
|
|
|
|
Everything is permitted. This retains compatibility with previous versions of
|
|
|
|
OpenSSL.
|
|
|
|
|
|
|
|
=item B<Level 1>
|
|
|
|
|
2014-04-05 20:29:41 +08:00
|
|
|
The security level corresponds to a minimum of 80 bits of security. Any
|
|
|
|
parameters offering below 80 bits of security are excluded. As a result RSA,
|
|
|
|
DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits
|
2021-10-06 22:08:43 +08:00
|
|
|
are prohibited. Any cipher suite using MD5 for the MAC is also prohibited. Any
|
2021-10-13 21:16:58 +08:00
|
|
|
cipher suites using CCM with a 64 bit authentication tag are prohibited. Note
|
|
|
|
that signatures using SHA1 and MD5 are also forbidden at this level as they
|
2022-05-06 08:42:16 +08:00
|
|
|
have less than 80 security bits. Additionally, SSLv3, TLS 1.0, TLS 1.1 and
|
|
|
|
DTLS 1.0 are all disabled at this level.
|
2014-03-29 00:40:56 +08:00
|
|
|
|
|
|
|
=item B<Level 2>
|
|
|
|
|
2014-04-05 20:29:41 +08:00
|
|
|
Security level set to 112 bits of security. As a result RSA, DSA and DH keys
|
|
|
|
shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
|
2021-09-23 10:27:11 +08:00
|
|
|
In addition to the level 1 exclusions any cipher suite using RC4 is also
|
2022-05-06 08:42:16 +08:00
|
|
|
prohibited. Compression is disabled.
|
2014-03-29 00:40:56 +08:00
|
|
|
|
|
|
|
=item B<Level 3>
|
|
|
|
|
2014-04-05 20:29:41 +08:00
|
|
|
Security level set to 128 bits of security. As a result RSA, DSA and DH keys
|
|
|
|
shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited.
|
2017-03-30 05:38:30 +08:00
|
|
|
In addition to the level 2 exclusions cipher suites not offering forward
|
2022-05-06 08:42:16 +08:00
|
|
|
secrecy are prohibited. Session tickets are disabled.
|
2014-03-29 00:40:56 +08:00
|
|
|
|
|
|
|
=item B<Level 4>
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
Security level set to 192 bits of security. As a result RSA, DSA and
|
|
|
|
DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are
|
2022-05-06 08:42:16 +08:00
|
|
|
prohibited. Cipher suites using SHA1 for the MAC are prohibited.
|
2014-03-29 00:40:56 +08:00
|
|
|
|
|
|
|
=item B<Level 5>
|
|
|
|
|
2014-04-05 20:29:41 +08:00
|
|
|
Security level set to 256 bits of security. As a result RSA, DSA and DH keys
|
|
|
|
shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited.
|
2014-03-29 00:40:56 +08:00
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 APPLICATION DEFINED SECURITY CALLBACKS
|
|
|
|
|
2016-05-21 08:52:46 +08:00
|
|
|
I<Documentation to be provided.>
|
2014-03-29 00:40:56 +08:00
|
|
|
|
|
|
|
=head1 NOTES
|
|
|
|
|
|
|
|
The default security level can be configured when OpenSSL is compiled by
|
2021-10-06 22:08:43 +08:00
|
|
|
setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 2 is used.
|
2014-03-29 00:40:56 +08:00
|
|
|
|
|
|
|
The security framework disables or reject parameters inconsistent with the
|
|
|
|
set security level. In the past this was difficult as applications had to set
|
|
|
|
a number of distinct parameters (supported ciphers, supported curves supported
|
|
|
|
signature algorithms) to achieve this end and some cases (DH parameter size
|
|
|
|
for example) could not be checked at all.
|
|
|
|
|
|
|
|
By setting an appropriate security level much of this complexity can be
|
|
|
|
avoided.
|
|
|
|
|
|
|
|
The bits of security limits affect all relevant parameters including
|
2017-03-30 05:38:30 +08:00
|
|
|
cipher suite encryption algorithms, supported ECC curves, supported
|
2014-03-29 00:40:56 +08:00
|
|
|
signature algorithms, DH parameter sizes, certificate key sizes and
|
|
|
|
signature algorithms. This limit applies no matter what other custom
|
2017-03-30 05:38:30 +08:00
|
|
|
settings an application has set: so if the cipher suite is set to B<ALL>
|
|
|
|
then only cipher suites consistent with the security level are permissible.
|
2014-03-29 00:40:56 +08:00
|
|
|
|
|
|
|
See SP800-57 for how the security limits are related to individual
|
|
|
|
algorithms.
|
|
|
|
|
2014-08-19 09:56:04 +08:00
|
|
|
Some security levels require large key sizes for non-ECC public key
|
2014-04-05 20:29:41 +08:00
|
|
|
algorithms which can severely degrade performance. For example 256 bits
|
|
|
|
of security requires the use of RSA keys of at least 15360 bits in size.
|
2014-03-29 00:40:56 +08:00
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
Some restrictions can be gracefully handled: for example cipher suites
|
2014-03-29 00:40:56 +08:00
|
|
|
offering insufficient security are not sent by the client and will not
|
|
|
|
be selected by the server. Other restrictions such as the peer certificate
|
2014-07-03 10:42:40 +08:00
|
|
|
key size or the DH parameter size will abort the handshake with a fatal
|
2014-03-29 00:40:56 +08:00
|
|
|
alert.
|
|
|
|
|
|
|
|
Attempts to set certificates or parameters with insufficient security are
|
2021-10-13 21:16:58 +08:00
|
|
|
also blocked. For example trying to set a certificate using a 512 bit RSA key
|
|
|
|
or a certificate with a signature with SHA1 digest at level 1 using
|
|
|
|
SSL_CTX_use_certificate(). Applications which do not check the return values
|
|
|
|
for errors will misbehave: for example it might appear that a certificate is
|
|
|
|
not set at all because it had been rejected.
|
2014-03-29 00:40:56 +08:00
|
|
|
|
2017-12-25 17:50:39 +08:00
|
|
|
=head1 RETURN VALUES
|
|
|
|
|
|
|
|
SSL_CTX_set_security_level() and SSL_set_security_level() do not return values.
|
|
|
|
|
|
|
|
SSL_CTX_get_security_level() and SSL_get_security_level() return a integer that
|
|
|
|
represents the security level with B<SSL_CTX> or B<SSL>, respectively.
|
|
|
|
|
|
|
|
SSL_CTX_set_security_callback() and SSL_set_security_callback() do not return
|
|
|
|
values.
|
|
|
|
|
|
|
|
SSL_CTX_get_security_callback() and SSL_get_security_callback() return the pointer
|
|
|
|
to the security callback or NULL if the callback is not set.
|
|
|
|
|
|
|
|
SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() return the extra
|
|
|
|
data pointer or NULL if the ex data is not set.
|
|
|
|
|
2019-11-02 00:27:29 +08:00
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
|
|
L<ssl(7)>
|
|
|
|
|
2014-03-29 00:40:56 +08:00
|
|
|
=head1 HISTORY
|
|
|
|
|
2018-12-09 08:02:36 +08:00
|
|
|
These functions were added in OpenSSL 1.1.0.
|
2014-03-29 00:40:56 +08:00
|
|
|
|
2016-05-18 23:44:05 +08:00
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
2020-08-06 20:22:30 +08:00
|
|
|
Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
|
2016-05-18 23:44:05 +08:00
|
|
|
|
2018-12-06 21:04:44 +08:00
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 23:44:05 +08:00
|
|
|
this file except in compliance with the License. You can obtain a copy
|
|
|
|
in the file LICENSE in the source distribution or at
|
|
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
|
|
|
|
=cut
|