187 lines
5.1 KiB
Text
187 lines
5.1 KiB
Text
=pod
|
|
|
|
=head1 NAME
|
|
|
|
SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
long SSL_CTX_set_options(SSL_CTX *ctx, long options);
|
|
long SSL_set_options(SSL *ssl, long options);
|
|
|
|
long SSL_CTX_get_options(SSL_CTX *ctx);
|
|
long SSL_get_options(SSL *ssl);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
|
|
Options already set before are not cleared.
|
|
|
|
SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
|
|
Options already set before are not cleared.
|
|
|
|
SSL_CTX_get_options() returns the options set for B<ctx>.
|
|
|
|
SSL_get_options() returns the options set for B<ssl>.
|
|
|
|
=head1 NOTES
|
|
|
|
The behaviour of the SSL library can be changed by setting several options.
|
|
The options are coded as bitmasks and can be combined by a logical B<or>
|
|
operation (|). Options can only be added but can never be reset.
|
|
|
|
During a handshake, the option settings of the SSL object used. When
|
|
a new SSL object is created from a context using SSL_new(), the current
|
|
option setting is copied. Changes to B<ctx> do not affect already created
|
|
SSL objects. SSL_clear() does not affect the settings.
|
|
|
|
The following B<bug workaround> options are available:
|
|
|
|
=over 4
|
|
|
|
=item SSL_OP_MICROSOFT_SESS_ID_BUG
|
|
|
|
www.microsoft.com - when talking SSLv2, if session-id reuse is
|
|
performed, the session-id passed back in the server-finished message
|
|
is different from the one decided upon.
|
|
|
|
=item SSL_OP_NETSCAPE_CHALLENGE_BUG
|
|
|
|
Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
|
|
challenge but then appears to only use 16 bytes when generating the
|
|
encryption keys. Using 16 bytes is ok but it should be ok to use 32.
|
|
According to the SSLv3 spec, one should use 32 bytes for the challenge
|
|
when operating in SSLv2/v3 compatibility mode, but as mentioned above,
|
|
this breaks this server so 16 bytes is the way to go.
|
|
|
|
=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
|
|
|
ssl3.netscape.com:443, first a connection is established with RC4-MD5.
|
|
If it is then resumed, we end up using DES-CBC3-SHA. It should be
|
|
RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
|
|
|
|
Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
|
|
It only really shows up when connecting via SSLv2/v3 then reconnecting
|
|
via SSLv3. The cipher list changes....
|
|
|
|
NEW INFORMATION. Try connecting with a cipher list of just
|
|
DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses
|
|
RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
|
|
doing a re-connect, always takes the first cipher in the cipher list.
|
|
|
|
=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
|
|
|
|
...
|
|
|
|
=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
|
|
|
|
...
|
|
|
|
=item SSL_OP_MSIE_SSLV2_RSA_PADDING
|
|
|
|
...
|
|
|
|
=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
|
|
|
|
...
|
|
|
|
=item SSL_OP_TLS_D5_BUG
|
|
|
|
...
|
|
|
|
=item SSL_OP_TLS_BLOCK_PADDING_BUG
|
|
|
|
...
|
|
|
|
=item SSL_OP_TLS_ROLLBACK_BUG
|
|
|
|
Disable version rollback attack detection.
|
|
|
|
During the client key exchange, the client must send the same information
|
|
about acceptable SSL/TLS protocol levels as during the first hello. Some
|
|
clients violate this rule by adapting to the server's answer. (Example:
|
|
the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
|
|
only understands up to SSLv3. In this case the client must still use the
|
|
same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
|
|
to the server's answer and violate the version rollback protection.)
|
|
|
|
=item SSL_OP_ALL
|
|
|
|
All of the above bug workarounds.
|
|
|
|
=back
|
|
|
|
It is save and recommended to use SSL_OP_ALL to enable the bug workaround
|
|
options.
|
|
|
|
The following B<modifying> options are available:
|
|
|
|
=over 4
|
|
|
|
=item SSL_OP_SINGLE_DH_USE
|
|
|
|
Always create a new key when using temporary DH parameters
|
|
(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
|
|
|
|
=item SSL_OP_EPHEMERAL_RSA
|
|
|
|
Also use ephemeral (temporary) RSA key when doing RSA operations
|
|
(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
|
|
|
|
=item SSL_OP_PKCS1_CHECK_1
|
|
|
|
...
|
|
|
|
=item SSL_OP_PKCS1_CHECK_2
|
|
|
|
...
|
|
|
|
=item SSL_OP_NETSCAPE_CA_DN_BUG
|
|
|
|
If we accept a netscape connection, demand a client cert, have a
|
|
non-self-sighed CA which does not have it's CA in netscape, and the
|
|
browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
|
|
|
|
=item SSL_OP_NON_EXPORT_FIRST
|
|
|
|
On servers try to use non-export (stronger) ciphers first. This option does
|
|
not work under all circumstances (in the code it is declared "broken").
|
|
|
|
=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
|
|
|
|
...
|
|
|
|
=item SSL_OP_NO_SSLv2
|
|
|
|
Do not use the SSLv2 protocol.
|
|
|
|
=item SSL_OP_NO_SSLv3
|
|
|
|
Do not use the SSLv3 protocol.
|
|
|
|
=item SSL_OP_NO_TLSv1
|
|
|
|
Do not use the TLSv1 protocol.
|
|
|
|
=back
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
|
|
after adding B<options>.
|
|
|
|
SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
|
|
L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
|
|
L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>
|
|
|
|
=head1 HISTORY
|
|
|
|
SSL_OP_TLS_ROLLBACK_BUG has been added in OpenSSL 0.9.6.
|
|
|
|
=cut
|