2012-11-16 19:12:24 +00:00
|
|
|
=pod
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
2017-06-08 19:18:38 +00:00
|
|
|
SSL_CONF_cmd_value_type,
|
2012-11-16 19:12:24 +00:00
|
|
|
SSL_CONF_cmd - send configuration command
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
|
|
|
|
int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
|
2013-10-18 15:09:12 +00:00
|
|
|
int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
|
2012-11-16 19:12:24 +00:00
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
The function SSL_CONF_cmd() performs configuration operation B<cmd> with
|
|
|
|
optional parameter B<value> on B<ctx>. Its purpose is to simplify application
|
|
|
|
configuration of B<SSL_CTX> or B<SSL> structures by providing a common
|
2012-11-20 01:01:33 +00:00
|
|
|
framework for command line options or configuration files.
|
|
|
|
|
2013-10-18 15:09:12 +00:00
|
|
|
SSL_CONF_cmd_value_type() returns the type of value that B<cmd> refers to.
|
|
|
|
|
2012-11-20 01:01:33 +00:00
|
|
|
=head1 SUPPORTED COMMAND LINE COMMANDS
|
|
|
|
|
|
|
|
Currently supported B<cmd> names for command lines (i.e. when the
|
|
|
|
flag B<SSL_CONF_CMDLINE> is set) are listed below. Note: all B<cmd> names
|
2014-01-10 23:01:30 +00:00
|
|
|
are case sensitive. Unless otherwise stated commands can be used by
|
2012-11-20 01:01:33 +00:00
|
|
|
both clients and servers and the B<value> parameter is not used. The default
|
|
|
|
prefix for command line commands is B<-> and that is reflected below.
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item B<-sigalgs>
|
|
|
|
|
|
|
|
This sets the supported signature algorithms for TLS v1.2. For clients this
|
|
|
|
value is used directly for the supported signature algorithms extension. For
|
|
|
|
servers it is used to determine which signature algorithms to support.
|
|
|
|
|
|
|
|
The B<value> argument should be a colon separated list of signature algorithms
|
|
|
|
in order of decreasing preference of the form B<algorithm+hash>. B<algorithm>
|
|
|
|
is one of B<RSA>, B<DSA> or B<ECDSA> and B<hash> is a supported algorithm
|
|
|
|
OID short name such as B<SHA1>, B<SHA224>, B<SHA256>, B<SHA384> of B<SHA512>.
|
|
|
|
Note: algorithm and hash names are case sensitive.
|
|
|
|
|
|
|
|
If this option is not set then all signature algorithms supported by the
|
|
|
|
OpenSSL library are permissible.
|
|
|
|
|
|
|
|
=item B<-client_sigalgs>
|
|
|
|
|
|
|
|
This sets the supported signature algorithms associated with client
|
|
|
|
authentication for TLS v1.2. For servers the value is used in the supported
|
|
|
|
signature algorithms field of a certificate request. For clients it is
|
|
|
|
used to determine which signature algorithm to with the client certificate.
|
|
|
|
If a server does not request a certificate this option has no effect.
|
|
|
|
|
|
|
|
The syntax of B<value> is identical to B<-sigalgs>. If not set then
|
|
|
|
the value set for B<-sigalgs> will be used instead.
|
|
|
|
|
2017-05-03 15:39:57 +00:00
|
|
|
=item B<-groups>
|
|
|
|
|
|
|
|
This sets the supported groups. For clients, the groups are
|
|
|
|
sent using the supported groups extension. For servers, it is used
|
|
|
|
to determine which group to use. This setting affects groups used for both
|
|
|
|
signatures and key exchange, if applicable. It also affects the preferred
|
|
|
|
key_share sent by a client in a TLSv1.3 compatible connection.
|
|
|
|
|
|
|
|
The B<value> argument is a colon separated list of groups. The group can be
|
|
|
|
either the B<NIST> name (e.g. B<P-256>), some other commonly used name where
|
|
|
|
applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g B<prime256v1>). Group
|
|
|
|
names are case sensitive. The list should be in order of preference with the
|
|
|
|
most preferred group first. The first listed group will be the one used for a
|
|
|
|
key_share by a TLSv1.3 client.
|
|
|
|
|
|
|
|
=item B<-curves>
|
|
|
|
|
|
|
|
This is a synonym for the "-groups" command.
|
|
|
|
|
|
|
|
|
2012-11-20 01:01:33 +00:00
|
|
|
=item B<-named_curve>
|
|
|
|
|
2015-12-06 16:56:41 +00:00
|
|
|
This sets the temporary curve used for ephemeral ECDH modes. Only used by
|
2012-11-20 01:01:33 +00:00
|
|
|
servers
|
|
|
|
|
|
|
|
The B<value> argument is a curve name or the special value B<auto> which
|
|
|
|
picks an appropriate curve based on client and server preferences. The curve
|
|
|
|
can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
|
|
|
|
(e.g B<prime256v1>). Curve names are case sensitive.
|
|
|
|
|
|
|
|
=item B<-cipher>
|
|
|
|
|
|
|
|
Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is
|
2015-12-06 16:56:41 +00:00
|
|
|
currently not performed unless a B<SSL> or B<SSL_CTX> structure is
|
2012-11-20 01:01:33 +00:00
|
|
|
associated with B<cctx>.
|
|
|
|
|
2013-10-18 15:09:12 +00:00
|
|
|
=item B<-cert>
|
|
|
|
|
|
|
|
Attempts to use the file B<value> as the certificate for the appropriate
|
2014-07-03 02:42:40 +00:00
|
|
|
context. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX>
|
|
|
|
structure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL>
|
2013-10-18 15:09:12 +00:00
|
|
|
structure is set. This option is only supported if certificate operations
|
|
|
|
are permitted.
|
|
|
|
|
|
|
|
=item B<-key>
|
|
|
|
|
|
|
|
Attempts to use the file B<value> as the private key for the appropriate
|
|
|
|
context. This option is only supported if certificate operations
|
|
|
|
are permitted. Note: if no B<-key> option is set then a private key is
|
2015-02-16 13:44:22 +00:00
|
|
|
not loaded unless the flag B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set.
|
2013-10-18 15:09:12 +00:00
|
|
|
|
2013-10-22 06:35:22 +00:00
|
|
|
=item B<-dhparam>
|
|
|
|
|
|
|
|
Attempts to use the file B<value> as the set of temporary DH parameters for
|
|
|
|
the appropriate context. This option is only supported if certificate
|
|
|
|
operations are permitted.
|
|
|
|
|
2017-04-05 16:35:25 +00:00
|
|
|
=item B<-record_padding>
|
|
|
|
|
|
|
|
Attempts to pad TLS 1.3 records so that they are a multiple of B<value> in
|
|
|
|
length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the
|
|
|
|
B<value> must be >1 or <=16384.
|
|
|
|
|
2017-05-10 20:46:14 +00:00
|
|
|
=item B<-no_renegotiation>
|
|
|
|
|
|
|
|
Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
|
|
|
|
B<SSL_OP_NO_RENEGOTIATION>.
|
|
|
|
|
2015-12-06 16:56:41 +00:00
|
|
|
=item B<-min_protocol>, B<-max_protocol>
|
|
|
|
|
|
|
|
Sets the minimum and maximum supported protocol.
|
2015-12-29 08:19:24 +00:00
|
|
|
Currently supported protocol values are B<SSLv3>, B<TLSv1>,
|
2016-01-02 19:06:07 +00:00
|
|
|
B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS,
|
|
|
|
and B<None> for no limit.
|
2015-12-29 08:19:24 +00:00
|
|
|
If the either bound is not specified then only the other bound applies,
|
|
|
|
if specified.
|
|
|
|
To restrict the supported protocol versions use these commands rather
|
|
|
|
than the deprecated alternative commands below.
|
2015-12-06 16:56:41 +00:00
|
|
|
|
2016-10-21 16:39:33 +00:00
|
|
|
=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
|
2012-11-20 01:01:33 +00:00
|
|
|
|
2016-10-21 16:39:33 +00:00
|
|
|
Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by
|
|
|
|
setting the corresponding options B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
|
|
|
|
B<SSL_OP_NO_TLSv1_1>, B<SSL_OP_NO_TLSv1_2> and B<SSL_OP_NO_TLSv1_3>
|
|
|
|
respectively. These options are deprecated, instead use B<-min_protocol> and
|
|
|
|
B<-max_protocol>.
|
2012-11-20 01:01:33 +00:00
|
|
|
|
|
|
|
=item B<-bugs>
|
|
|
|
|
|
|
|
Various bug workarounds are set, same as setting B<SSL_OP_ALL>.
|
|
|
|
|
2016-02-02 15:26:38 +00:00
|
|
|
=item B<-comp>
|
2012-11-20 01:01:33 +00:00
|
|
|
|
2016-02-03 21:45:39 +00:00
|
|
|
Enables support for SSL/TLS compression, same as clearing
|
|
|
|
B<SSL_OP_NO_COMPRESSION>.
|
|
|
|
This command was introduced in OpenSSL 1.1.0.
|
|
|
|
As of OpenSSL 1.1.0, compression is off by default.
|
|
|
|
|
|
|
|
=item B<-no_comp>
|
|
|
|
|
|
|
|
Disables support for SSL/TLS compression, same as setting
|
|
|
|
B<SSL_OP_NO_COMPRESSION>.
|
|
|
|
As of OpenSSL 1.1.0, compression is off by default.
|
2012-11-20 01:01:33 +00:00
|
|
|
|
|
|
|
=item B<-no_ticket>
|
|
|
|
|
|
|
|
Disables support for session tickets, same as setting B<SSL_OP_NO_TICKET>.
|
|
|
|
|
|
|
|
=item B<-serverpref>
|
|
|
|
|
|
|
|
Use server and not client preference order when determining which cipher suite,
|
|
|
|
signature algorithm or elliptic curve to use for an incoming connection.
|
|
|
|
Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
|
|
|
|
|
2014-03-27 15:51:25 +00:00
|
|
|
=item B<-no_resumption_on_reneg>
|
|
|
|
|
|
|
|
set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.
|
|
|
|
|
2012-11-20 01:01:33 +00:00
|
|
|
=item B<-legacyrenegotiation>
|
|
|
|
|
|
|
|
permits the use of unsafe legacy renegotiation. Equivalent to setting
|
|
|
|
B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
|
|
|
|
|
|
|
|
=item B<-legacy_server_connect>, B<-no_legacy_server_connect>
|
|
|
|
|
|
|
|
permits or prohibits the use of unsafe legacy renegotiation for OpenSSL
|
|
|
|
clients only. Equivalent to setting or clearing B<SSL_OP_LEGACY_SERVER_CONNECT>.
|
|
|
|
Set by default.
|
|
|
|
|
2017-07-03 14:59:30 +00:00
|
|
|
=item B<-allow_no_dhe_kex>
|
|
|
|
|
|
|
|
In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means
|
|
|
|
that there will be no forward secrecy for the resumed session.
|
|
|
|
|
2012-11-20 01:01:33 +00:00
|
|
|
=item B<-strict>
|
|
|
|
|
|
|
|
enables strict mode protocol handling. Equivalent to setting
|
|
|
|
B<SSL_CERT_FLAG_TLS_STRICT>.
|
|
|
|
|
|
|
|
=back
|
2012-11-16 19:12:24 +00:00
|
|
|
|
|
|
|
=head1 SUPPORTED CONFIGURATION FILE COMMANDS
|
|
|
|
|
|
|
|
Currently supported B<cmd> names for configuration files (i.e. when the
|
|
|
|
flag B<SSL_CONF_FLAG_FILE> is set) are listed below. All configuration file
|
2014-07-01 16:55:32 +00:00
|
|
|
B<cmd> names are case insensitive so B<signaturealgorithms> is recognised
|
2012-11-17 00:21:34 +00:00
|
|
|
as well as B<SignatureAlgorithms>. Unless otherwise stated the B<value> names
|
2012-11-16 19:12:24 +00:00
|
|
|
are also case insensitive.
|
|
|
|
|
|
|
|
Note: the command prefix (if set) alters the recognised B<cmd> values.
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
2012-12-06 23:26:11 +00:00
|
|
|
=item B<CipherString>
|
2012-11-16 19:12:24 +00:00
|
|
|
|
|
|
|
Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is
|
2015-12-06 16:56:41 +00:00
|
|
|
currently not performed unless an B<SSL> or B<SSL_CTX> structure is
|
2012-11-16 19:12:24 +00:00
|
|
|
associated with B<cctx>.
|
|
|
|
|
2013-10-18 15:09:12 +00:00
|
|
|
=item B<Certificate>
|
|
|
|
|
|
|
|
Attempts to use the file B<value> as the certificate for the appropriate
|
2014-07-03 02:42:40 +00:00
|
|
|
context. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX>
|
|
|
|
structure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL>
|
2013-10-18 15:09:12 +00:00
|
|
|
structure is set. This option is only supported if certificate operations
|
|
|
|
are permitted.
|
|
|
|
|
|
|
|
=item B<PrivateKey>
|
|
|
|
|
|
|
|
Attempts to use the file B<value> as the private key for the appropriate
|
|
|
|
context. This option is only supported if certificate operations
|
2015-02-16 13:44:22 +00:00
|
|
|
are permitted. Note: if no B<PrivateKey> option is set then a private key is
|
|
|
|
not loaded unless the B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set.
|
2013-10-18 15:09:12 +00:00
|
|
|
|
2015-07-14 13:18:37 +00:00
|
|
|
=item B<ChainCAFile>, B<ChainCAPath>, B<VerifyCAFile>, B<VerifyCAPath>
|
|
|
|
|
|
|
|
These options indicate a file or directory used for building certificate
|
|
|
|
chains or verifying certificate chains. These options are only supported
|
|
|
|
if certificate operations are permitted.
|
|
|
|
|
2017-03-31 16:15:22 +00:00
|
|
|
=item B<RequestCAFile>
|
|
|
|
|
|
|
|
This option indicates a file containing a set of certificates in PEM form.
|
|
|
|
The subject names of the certificates are sent to the peer in the
|
|
|
|
B<certificate_authorities> extension for TLS 1.3 (in ClientHello or
|
|
|
|
CertificateRequest) or in a certificate request for previous versions or
|
|
|
|
TLS.
|
|
|
|
|
2014-01-03 23:13:40 +00:00
|
|
|
=item B<ServerInfoFile>
|
|
|
|
|
|
|
|
Attempts to use the file B<value> in the "serverinfo" extension using the
|
|
|
|
function SSL_CTX_use_serverinfo_file.
|
|
|
|
|
2013-10-22 06:35:22 +00:00
|
|
|
=item B<DHParameters>
|
|
|
|
|
|
|
|
Attempts to use the file B<value> as the set of temporary DH parameters for
|
|
|
|
the appropriate context. This option is only supported if certificate
|
|
|
|
operations are permitted.
|
|
|
|
|
2017-04-05 16:35:25 +00:00
|
|
|
=item B<RecordPadding>
|
|
|
|
|
|
|
|
Attempts to pad TLS 1.3 records so that they are a multiple of B<value> in
|
|
|
|
length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the
|
|
|
|
B<value> must be >1 or <=16384.
|
|
|
|
|
2017-05-10 20:46:14 +00:00
|
|
|
=item B<NoRenegotiation>
|
|
|
|
|
|
|
|
Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
|
|
|
|
B<SSL_OP_NO_RENEGOTIATION>.
|
|
|
|
|
2012-11-16 19:12:24 +00:00
|
|
|
=item B<SignatureAlgorithms>
|
|
|
|
|
|
|
|
This sets the supported signature algorithms for TLS v1.2. For clients this
|
|
|
|
value is used directly for the supported signature algorithms extension. For
|
|
|
|
servers it is used to determine which signature algorithms to support.
|
|
|
|
|
|
|
|
The B<value> argument should be a colon separated list of signature algorithms
|
|
|
|
in order of decreasing preference of the form B<algorithm+hash>. B<algorithm>
|
|
|
|
is one of B<RSA>, B<DSA> or B<ECDSA> and B<hash> is a supported algorithm
|
|
|
|
OID short name such as B<SHA1>, B<SHA224>, B<SHA256>, B<SHA384> of B<SHA512>.
|
|
|
|
Note: algorithm and hash names are case sensitive.
|
|
|
|
|
|
|
|
If this option is not set then all signature algorithms supported by the
|
|
|
|
OpenSSL library are permissible.
|
|
|
|
|
|
|
|
=item B<ClientSignatureAlgorithms>
|
|
|
|
|
|
|
|
This sets the supported signature algorithms associated with client
|
|
|
|
authentication for TLS v1.2. For servers the value is used in the supported
|
|
|
|
signature algorithms field of a certificate request. For clients it is
|
2012-11-17 00:21:34 +00:00
|
|
|
used to determine which signature algorithm to with the client certificate.
|
2012-11-16 19:12:24 +00:00
|
|
|
|
|
|
|
The syntax of B<value> is identical to B<SignatureAlgorithms>. If not set then
|
|
|
|
the value set for B<SignatureAlgorithms> will be used instead.
|
|
|
|
|
2017-05-03 15:39:57 +00:00
|
|
|
=item B<Groups>
|
2012-11-16 19:12:24 +00:00
|
|
|
|
2017-05-03 15:39:57 +00:00
|
|
|
This sets the supported groups. For clients, the groups are
|
|
|
|
sent using the supported groups extension. For servers, it is used
|
|
|
|
to determine which group to use. This setting affects groups used for both
|
|
|
|
signatures and key exchange, if applicable. It also affects the preferred
|
|
|
|
key_share sent by a client in a TLSv1.3 compatible connection.
|
2012-11-16 19:12:24 +00:00
|
|
|
|
2017-05-03 15:39:57 +00:00
|
|
|
The B<value> argument is a colon separated list of groups. The group can be
|
|
|
|
either the B<NIST> name (e.g. B<P-256>), some other commonly used name where
|
|
|
|
applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g B<prime256v1>). Group
|
|
|
|
names are case sensitive. The list should be in order of preference with the
|
|
|
|
most preferred group first. The first listed group will be the one used for a
|
|
|
|
key_share by a TLSv1.3 client.
|
|
|
|
|
|
|
|
=item B<Curves>
|
|
|
|
|
|
|
|
This is a synonym for the "Groups" command.
|
2012-11-16 19:12:24 +00:00
|
|
|
|
2015-12-06 16:56:41 +00:00
|
|
|
=item B<MinProtocol>
|
|
|
|
|
|
|
|
This sets the minimum supported SSL, TLS or DTLS version.
|
|
|
|
|
2015-12-29 08:19:24 +00:00
|
|
|
Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
|
|
|
|
B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
|
2016-01-02 19:06:07 +00:00
|
|
|
The value B<None> will disable the limit.
|
2015-12-06 16:56:41 +00:00
|
|
|
|
|
|
|
=item B<MaxProtocol>
|
|
|
|
|
|
|
|
This sets the maximum supported SSL, TLS or DTLS version.
|
|
|
|
|
2015-12-29 08:19:24 +00:00
|
|
|
Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
|
|
|
|
B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
|
2016-01-02 19:06:07 +00:00
|
|
|
The value B<None> will disable the limit.
|
2015-12-06 16:56:41 +00:00
|
|
|
|
2012-11-16 19:12:24 +00:00
|
|
|
=item B<Protocol>
|
|
|
|
|
2015-12-29 08:19:24 +00:00
|
|
|
This can be used to enable or disable certain versions of the SSL,
|
|
|
|
TLS or DTLS protocol.
|
2015-12-06 16:56:41 +00:00
|
|
|
|
2015-12-29 08:19:24 +00:00
|
|
|
The B<value> argument is a comma separated list of supported protocols
|
|
|
|
to enable or disable.
|
2015-12-06 16:56:41 +00:00
|
|
|
If a protocol is preceded by B<-> that version is disabled.
|
|
|
|
|
|
|
|
All protocol versions are enabled by default.
|
2015-12-29 08:19:24 +00:00
|
|
|
You need to disable at least one protocol version for this setting have any
|
|
|
|
effect.
|
|
|
|
Only enabling some protocol versions does not disable the other protocol
|
|
|
|
versions.
|
2015-12-06 16:56:41 +00:00
|
|
|
|
2015-12-29 08:19:24 +00:00
|
|
|
Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
|
|
|
|
B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
|
2015-12-06 16:56:41 +00:00
|
|
|
The special value B<ALL> refers to all supported versions.
|
2012-11-16 19:12:24 +00:00
|
|
|
|
2015-12-29 08:19:24 +00:00
|
|
|
This can't enable protocols that are disabled using B<MinProtocol>
|
|
|
|
or B<MaxProtocol>, but can disable protocols that are still allowed
|
|
|
|
by them.
|
2015-12-06 16:56:41 +00:00
|
|
|
|
|
|
|
The B<Protocol> command is fragile and deprecated; do not use it.
|
|
|
|
Use B<MinProtocol> and B<MaxProtocol> instead.
|
2015-12-29 08:19:24 +00:00
|
|
|
If you do use B<Protocol>, make sure that the resulting range of enabled
|
|
|
|
protocols has no "holes", e.g. if TLS 1.0 and TLS 1.2 are both enabled, make
|
|
|
|
sure to also leave TLS 1.1 enabled.
|
2012-11-16 19:12:24 +00:00
|
|
|
|
|
|
|
=item B<Options>
|
|
|
|
|
|
|
|
The B<value> argument is a comma separated list of various flags to set.
|
2016-01-11 01:15:04 +00:00
|
|
|
If a flag string is preceded B<-> it is disabled.
|
|
|
|
See the L<SSL_CTX_set_options(3)> function for more details of
|
|
|
|
individual options.
|
2012-11-16 19:12:24 +00:00
|
|
|
|
|
|
|
Each option is listed below. Where an operation is enabled by default
|
|
|
|
the B<-flag> syntax is needed to disable it.
|
|
|
|
|
|
|
|
B<SessionTicket>: session ticket support, enabled by default. Inverse of
|
|
|
|
B<SSL_OP_NO_TICKET>: that is B<-SessionTicket> is the same as setting
|
|
|
|
B<SSL_OP_NO_TICKET>.
|
|
|
|
|
|
|
|
B<Compression>: SSL/TLS compression support, enabled by default. Inverse
|
|
|
|
of B<SSL_OP_NO_COMPRESSION>.
|
|
|
|
|
|
|
|
B<EmptyFragments>: use empty fragments as a countermeasure against a
|
|
|
|
SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It
|
|
|
|
is set by default. Inverse of B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS>.
|
|
|
|
|
2012-11-17 00:21:34 +00:00
|
|
|
B<Bugs>: enable various bug workarounds. Same as B<SSL_OP_ALL>.
|
2012-11-16 19:12:24 +00:00
|
|
|
|
2012-11-17 00:21:34 +00:00
|
|
|
B<DHSingle>: enable single use DH keys, set by default. Inverse of
|
2012-11-16 19:12:24 +00:00
|
|
|
B<SSL_OP_DH_SINGLE>. Only used by servers.
|
|
|
|
|
|
|
|
B<ECDHSingle> enable single use ECDH keys, set by default. Inverse of
|
|
|
|
B<SSL_OP_ECDH_SINGLE>. Only used by servers.
|
|
|
|
|
|
|
|
B<ServerPreference> use server and not client preference order when
|
|
|
|
determining which cipher suite, signature algorithm or elliptic curve
|
|
|
|
to use for an incoming connection. Equivalent to
|
|
|
|
B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
|
|
|
|
|
2014-03-27 15:51:25 +00:00
|
|
|
B<NoResumptionOnRenegotiation> set
|
|
|
|
B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers.
|
|
|
|
|
2012-11-16 19:12:24 +00:00
|
|
|
B<UnsafeLegacyRenegotiation> permits the use of unsafe legacy renegotiation.
|
|
|
|
Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
|
|
|
|
|
|
|
|
B<UnsafeLegacyServerConnect> permits the use of unsafe legacy renegotiation
|
|
|
|
for OpenSSL clients only. Equivalent to B<SSL_OP_LEGACY_SERVER_CONNECT>.
|
|
|
|
Set by default.
|
|
|
|
|
2016-11-25 16:05:30 +00:00
|
|
|
B<EncryptThenMac>: use encrypt-then-mac extension, enabled by
|
|
|
|
default. Inverse of B<SSL_OP_NO_ENCRYPT_THEN_MAC>: that is,
|
|
|
|
B<-EncryptThenMac> is the same as setting B<SSL_OP_NO_ENCRYPT_THEN_MAC>.
|
2017-07-03 14:59:30 +00:00
|
|
|
|
|
|
|
B<AllowNoDHEKEX>: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on
|
|
|
|
resumption. This means that there will be no forward secrecy for the resumed
|
|
|
|
session. Equivalent to B<SSL_OP_ALLOW_NO_DHE_KEX>.
|
2016-11-25 16:05:30 +00:00
|
|
|
|
2015-07-14 13:18:37 +00:00
|
|
|
=item B<VerifyMode>
|
|
|
|
|
|
|
|
The B<value> argument is a comma separated list of flags to set.
|
|
|
|
|
|
|
|
B<Peer> enables peer verification: for clients only.
|
|
|
|
|
|
|
|
B<Request> requests but does not require a certificate from the client.
|
|
|
|
Servers only.
|
|
|
|
|
|
|
|
B<Require> requests and requires a certificate from the client: an error
|
|
|
|
occurs if the client does not present a certificate. Servers only.
|
|
|
|
|
|
|
|
B<Once> requests a certificate from a client only on the initial connection:
|
|
|
|
not when renegotiating. Servers only.
|
|
|
|
|
|
|
|
=item B<ClientCAFile>, B<ClientCAPath>
|
|
|
|
|
|
|
|
A file or directory of certificates in PEM format whose names are used as the
|
|
|
|
set of acceptable names for client CAs. Servers only. This option is only
|
|
|
|
supported if certificate operations are permitted.
|
|
|
|
|
2012-11-16 19:12:24 +00:00
|
|
|
=back
|
|
|
|
|
2013-10-18 15:09:12 +00:00
|
|
|
=head1 SUPPORTED COMMAND TYPES
|
|
|
|
|
|
|
|
The function SSL_CONF_cmd_value_type() currently returns one of the following
|
|
|
|
types:
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item B<SSL_CONF_TYPE_UNKNOWN>
|
|
|
|
|
|
|
|
The B<cmd> string is unrecognised, this return value can be use to flag
|
|
|
|
syntax errors.
|
|
|
|
|
|
|
|
=item B<SSL_CONF_TYPE_STRING>
|
|
|
|
|
|
|
|
The value is a string without any specific structure.
|
|
|
|
|
|
|
|
=item B<SSL_CONF_TYPE_FILE>
|
|
|
|
|
|
|
|
The value is a file name.
|
|
|
|
|
|
|
|
=item B<SSL_CONF_TYPE_DIR>
|
|
|
|
|
|
|
|
The value is a directory name.
|
|
|
|
|
2015-04-26 12:56:40 +00:00
|
|
|
=item B<SSL_CONF_TYPE_NONE>
|
|
|
|
|
|
|
|
The value string is not used e.g. a command line option which doesn't take an
|
|
|
|
argument.
|
|
|
|
|
2014-04-26 16:10:45 +00:00
|
|
|
=back
|
|
|
|
|
2012-11-16 19:12:24 +00:00
|
|
|
=head1 NOTES
|
|
|
|
|
|
|
|
The order of operations is significant. This can be used to set either defaults
|
|
|
|
or values which cannot be overridden. For example if an application calls:
|
|
|
|
|
2015-10-29 14:50:40 +00:00
|
|
|
SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
|
2012-11-16 19:12:24 +00:00
|
|
|
SSL_CONF_cmd(ctx, userparam, uservalue);
|
|
|
|
|
2015-10-29 14:50:40 +00:00
|
|
|
it will disable SSLv3 support by default but the user can override it. If
|
2012-11-16 19:12:24 +00:00
|
|
|
however the call sequence is:
|
|
|
|
|
|
|
|
SSL_CONF_cmd(ctx, userparam, uservalue);
|
2015-10-29 14:50:40 +00:00
|
|
|
SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
|
2012-11-16 19:12:24 +00:00
|
|
|
|
2015-10-29 14:50:40 +00:00
|
|
|
SSLv3 is B<always> disabled and attempt to override this by the user are
|
2012-11-16 19:12:24 +00:00
|
|
|
ignored.
|
|
|
|
|
2017-03-28 06:30:43 +00:00
|
|
|
By checking the return code of SSL_CONF_cmd() it is possible to query if a
|
2017-08-11 14:15:22 +00:00
|
|
|
given B<cmd> is recognised, this is useful if SSL_CONF_cmd() values are
|
2012-11-16 19:12:24 +00:00
|
|
|
mixed with additional application specific operations.
|
|
|
|
|
2017-03-28 06:30:43 +00:00
|
|
|
For example an application might call SSL_CONF_cmd() and if it returns
|
2012-11-16 19:12:24 +00:00
|
|
|
-2 (unrecognised command) continue with processing of application specific
|
|
|
|
commands.
|
|
|
|
|
2017-03-28 06:30:43 +00:00
|
|
|
Applications can also use SSL_CONF_cmd() to process command lines though the
|
|
|
|
utility function SSL_CONF_cmd_argv() is normally used instead. One way
|
2012-11-18 18:06:16 +00:00
|
|
|
to do this is to set the prefix to an appropriate value using
|
|
|
|
SSL_CONF_CTX_set1_prefix(), pass the current argument to B<cmd> and the
|
|
|
|
following argument to B<value> (which may be NULL).
|
2012-11-16 19:12:24 +00:00
|
|
|
|
|
|
|
In this case if the return value is positive then it is used to skip that
|
2017-03-28 06:30:43 +00:00
|
|
|
number of arguments as they have been processed by SSL_CONF_cmd(). If -2 is
|
2012-11-16 19:12:24 +00:00
|
|
|
returned then B<cmd> is not recognised and application specific arguments
|
|
|
|
can be checked instead. If -3 is returned a required argument is missing
|
|
|
|
and an error is indicated. If 0 is returned some other error occurred and
|
|
|
|
this can be reported back to the user.
|
|
|
|
|
2015-12-06 16:56:41 +00:00
|
|
|
The function SSL_CONF_cmd_value_type() can be used by applications to
|
2013-10-18 15:09:12 +00:00
|
|
|
check for the existence of a command or to perform additional syntax
|
|
|
|
checking or translation of the command value. For example if the return
|
|
|
|
value is B<SSL_CONF_TYPE_FILE> an application could translate a relative
|
|
|
|
pathname to an absolute pathname.
|
|
|
|
|
2012-11-16 19:12:24 +00:00
|
|
|
=head1 EXAMPLES
|
|
|
|
|
|
|
|
Set supported signature algorithms:
|
|
|
|
|
|
|
|
SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
|
|
|
|
|
2016-05-01 17:52:58 +00:00
|
|
|
There are various ways to select the supported protocols.
|
2015-12-06 16:56:41 +00:00
|
|
|
|
|
|
|
This set the minimum protocol version to TLSv1, and so disables SSLv3.
|
|
|
|
This is the recommended way to disable protocols.
|
|
|
|
|
|
|
|
SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1");
|
|
|
|
|
|
|
|
The following also disables SSLv3:
|
|
|
|
|
|
|
|
SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
|
|
|
|
|
2015-12-29 08:19:24 +00:00
|
|
|
The following will first enable all protocols, and then disable
|
|
|
|
SSLv3.
|
|
|
|
If no protocol versions were disabled before this has the same effect as
|
|
|
|
"-SSLv3", but if some versions were disables this will re-enable them before
|
|
|
|
disabling SSLv3.
|
2012-11-16 19:12:24 +00:00
|
|
|
|
2015-10-29 14:50:40 +00:00
|
|
|
SSL_CONF_cmd(ctx, "Protocol", "ALL,-SSLv3");
|
2012-11-16 19:12:24 +00:00
|
|
|
|
|
|
|
Only enable TLSv1.2:
|
|
|
|
|
2015-12-06 16:56:41 +00:00
|
|
|
SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2");
|
|
|
|
SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2");
|
|
|
|
|
|
|
|
This also only enables TLSv1.2:
|
|
|
|
|
2012-11-16 19:12:24 +00:00
|
|
|
SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2");
|
|
|
|
|
|
|
|
Disable TLS session tickets:
|
|
|
|
|
|
|
|
SSL_CONF_cmd(ctx, "Options", "-SessionTicket");
|
|
|
|
|
2016-02-02 15:26:38 +00:00
|
|
|
Enable compression:
|
|
|
|
|
|
|
|
SSL_CONF_cmd(ctx, "Options", "Compression");
|
|
|
|
|
2012-11-16 19:12:24 +00:00
|
|
|
Set supported curves to P-256, P-384:
|
|
|
|
|
|
|
|
SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");
|
|
|
|
|
|
|
|
Set automatic support for any elliptic curve for key exchange:
|
|
|
|
|
|
|
|
SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic");
|
|
|
|
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
|
2013-02-26 15:27:56 +00:00
|
|
|
SSL_CONF_cmd() returns 1 if the value of B<cmd> is recognised and B<value> is
|
2012-11-16 19:12:24 +00:00
|
|
|
B<NOT> used and 2 if both B<cmd> and B<value> are used. In other words it
|
|
|
|
returns the number of arguments processed. This is useful when processing
|
|
|
|
command lines.
|
|
|
|
|
|
|
|
A return value of -2 means B<cmd> is not recognised.
|
|
|
|
|
|
|
|
A return value of -3 means B<cmd> is recognised and the command requires a
|
|
|
|
value but B<value> is NULL.
|
|
|
|
|
|
|
|
A return code of 0 indicates that both B<cmd> and B<value> are valid but an
|
|
|
|
error occurred attempting to perform the operation: for example due to an
|
|
|
|
error in the syntax of B<value> in this case the error queue may provide
|
|
|
|
additional information.
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
2015-08-17 19:21:33 +00:00
|
|
|
L<SSL_CONF_CTX_new(3)>,
|
|
|
|
L<SSL_CONF_CTX_set_flags(3)>,
|
|
|
|
L<SSL_CONF_CTX_set1_prefix(3)>,
|
|
|
|
L<SSL_CONF_CTX_set_ssl_ctx(3)>,
|
2016-01-11 01:15:04 +00:00
|
|
|
L<SSL_CONF_cmd_argv(3)>,
|
|
|
|
L<SSL_CTX_set_options(3)>
|
2012-11-16 19:12:24 +00:00
|
|
|
|
|
|
|
=head1 HISTORY
|
|
|
|
|
2013-02-26 15:27:56 +00:00
|
|
|
SSL_CONF_cmd() was first added to OpenSSL 1.0.2
|
2012-11-16 19:12:24 +00:00
|
|
|
|
2015-12-29 08:19:24 +00:00
|
|
|
B<SSL_OP_NO_SSL2> doesn't have effect since 1.1.0, but the macro is retained
|
|
|
|
for backwards compatibility.
|
2014-11-30 14:35:22 +00:00
|
|
|
|
2015-04-26 12:56:40 +00:00
|
|
|
B<SSL_CONF_TYPE_NONE> was first added to OpenSSL 1.1.0. In earlier versions of
|
|
|
|
OpenSSL passing a command which didn't take an argument would return
|
|
|
|
B<SSL_CONF_TYPE_UNKNOWN>.
|
|
|
|
|
2015-12-06 16:56:41 +00:00
|
|
|
B<MinProtocol> and B<MaxProtocol> where added in OpenSSL 1.1.0.
|
|
|
|
|
2016-05-18 15:44:05 +00:00
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
|
|
|
Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
|
|
|
|
Licensed under the OpenSSL license (the "License"). You may not use
|
|
|
|
this file except in compliance with the License. You can obtain a copy
|
|
|
|
in the file LICENSE in the source distribution or at
|
|
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
|
|
|
|
=cut
|