mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Updated explanation.

Browse Source
This commit is contained in:
Lutz Jänicke 2001-07-20 19:23:43 +00:00
parent 2d3b6a5be7
commit 6d3dec92fb
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
doc/ssl/SSL_CTX_set_cipher_list.pod
View File

@ -34,9 +34,22 @@ a necessary condition. On the client side, the inclusion into the list is
also sufficient. On the server side, additional restrictions apply. All ciphers
have additional requirements. ADH ciphers don't need a certificate, but
DH-parameters must have been set. All other ciphers need a corresponding
certificate and key. A RSA cipher can only be chosen, when a RSA certificate is
available, the respective is valid for DSA ciphers. Ciphers using EDH need
a certificate and key and DH-parameters.
certificate and key.
A RSA cipher can only be chosen, when a RSA certificate is available.
RSA export ciphers with a keylength of 512 bits for the RSA key require
a temporary 512 bit RSA key, as typically the supplied key has a length
of 1024 bit. RSA ciphers using EDH need a certificate and key and
additional DH-parameters.
A DSA cipher can only be chosen, when a DSA certificate is available.
DSA ciphers always use DH key exchange and therefore need DH-parameters.
When these conditions are not met for any cipher in the list (e.g. a
client only supports export RSA ciphers with a asymmetric key length
of 512 bits and the server is not configured to use temporary RSA
keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
and the handshake will fail.
=head1 RETURN VALUES