Pike v8.0 release 1738

Method SSL.Context()->get_suites()

Method get_suites

array(int) get_suites(int(-1..)|void min_keylength, int(0..2)|void ke_flags, multiset(int)|void blacklisted_ciphers, multiset(KeyExchangeType)|void blacklisted_kes, multiset(HashAlgorithm)|void blacklisted_hashes, multiset(CipherModes)|void blacklisted_ciphermodes)

Description

Get the prioritized list of supported cipher suites that satisfy the requirements.

Parameter min_keylength

Minimum supported effective keylength in bits. Defaults to 128. Specify -1 to enable null ciphers.

Parameter ke_mode

Level of protection for the key exchange.

0

Require forward secrecy (ephemeral keys).

1

Also allow certificate based key exchanges.

2

Allow anonymous server key exchange. Note that this allows for man in the middle attacks.

Parameter blacklisted_ciphers

Multiset of ciphers that are NOT to be used.

Parameter blacklisted_kes

Multiset of key exchange methods that are NOT to be used.

Parameter blacklisted_hashes

Multiset of hash algoriths that are NOT to be used.

Parameter blacklisted_ciphermodes

Multiset of cipher modes that are NOT to be used.

Note

Note that the effective keylength may differ from the actual keylength for old ciphers where there are known attacks.