Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   12896 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

SSL_CTX_set_cipher_list(3)			    SSL_CTX_set_cipher_list(3)

NAME
       SSL_CTX_set_cipher_list, SSL_set_cipher_list - Choose list of available
       SSL_CIPHERs

SYNOPSIS
       #include <openssl/ssl.h>

       int SSL_CTX_set_cipher_list(
	       SSL_CTX *ctx,
	       const char *str ); int SSL_set_cipher_list(
	       SSL *ssl,
	       const char *str );

DESCRIPTION
       The SSL_CTX_set_cipher_list()  function	sets  the  list	 of  available
       ciphers	for ctx using the control string str. The format of the string
       is described in ciphers(1). The list of ciphers is inherited by all ssl
       objects created from ctx.

       The  SSL_set_cipher_list()  function  sets the list of ciphers only for
       ssl.

NOTES
       The control string str should be universally usable and not  depend  on
       details	of  the	 library configuration (ciphers compiled in).  Thus no
       syntax checking takes place. Items that are not recognized, because the
       corresponding ciphers are not compiled in or because they are mistyped,
       are ignored. Failure is only flagged if no ciphers could be collected.

       Inclusion of a cipher to be used into the list is  a  necessary	condi‐
       tion.   On  the client side, the inclusion into the list is also suffi‐
       cient. On the server side, additional restrictions apply.  All  ciphers
       have  additional	 requirements.	ADH ciphers do not need a certificate,
       but DH-parameters must have been set.  All other ciphers need a	corre‐
       sponding certificate and key.

       An  RSA cipher can only be chosen when an RSA certificate is available.
       RSA export ciphers with a keylength of 512 bits. The RSA key requires a
       temporary  512-bit RSA key, and typically the supplied key has a length
       of 1024 bit.  (See SSL_CTX_set_tmp_rsa_callback(3)).  RSA ciphers using
       EDH  need  a  certificate  and  key  and additional DH-parameters. (See
       SSL_CTX_set_tmp_dh_callback(3)).

       A DSA cipher can only be chosen when a DSA  certificate	is  available.
       DSA  ciphers  always  use DH key exchange and therefore need DH-parame‐
       ters.  (See SSL_CTX_set_tmp_dh_callback(3)).

       When these conditions are not met for any cipher in the	list  (e.g.  a
       client	only supports export RSA ciphers with an asymmetric key length
       of 512  bits and the server is not  configured  to  use	temporary  RSA
       keys),  the SSL_R_NO_SHARED_CIPHER error is generated and the handshake
       will fail.

RETURN VALUES
       The  SSL_CTX_set_cipher_list()  and   SSL_set_cipher_list()   functions
       return 1 if any cipher could be selected and 0 on complete failure.

SEE ALSO
       Commands: ciphers(1)

       Functions:   ssl(3),   SSL_get_ciphers(3),  SSL_CTX_use_certificate(3),
       SSL_CTX_set_tmp_rsa_callback(3), SSL_CTX_set_tmp_dh_callback(3)

						    SSL_CTX_set_cipher_list(3)

Vote for polarhome