Security protocol components for C
|
| RSA BSAFE SSL-C |
Security protocol components for C |
| Search |
SSL_OP options that control the behavior of the protocol implementation.
Pass SSL_OP_ALL as the parameter to SSL_CTX_set_options() to enable maximum bug-compatibility mode (that is, maximum interoperability). Defines | |
| #define | SSL_OP_MICROSOFT_SESS_ID_BUG |
| Indicates a Microsoft SSLv2 session identifier reuse error. More... | |
| #define | SSL_OP_NETSCAPE_CHALLENGE_BUG |
| Indicates a Netscape SSLv2 challenge length error. More... | |
| #define | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG |
| Indicates a Netscape SSLv3 changing reused cipher error. More... | |
| #define | SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG |
| Indicates an SSLv2 session identifier reuse certificate type error. More... | |
| #define | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER |
| Indicates a large SSLv3 packet error. More... | |
| #define | SSL_OP_MSIE_SSLV2_RSA_PADDING |
| Indicates Microsoft SSLv2 rollback attacks on SSLv3 clients. More... | |
| #define | SSL_OP_SSLEAY_080_CLIENT_DH_BUG |
| Indicates an SSLeay version 0.8.0 Diffie-Hellman encoding error. More... | |
| #define | SSL_OP_TLS_D5_BUG |
| Indicates an ephemeral RSA encoding error. More... | |
| #define | SSL_OP_TLS_BLOCK_PADDING_BUG |
| Indicates a Transport Layer Security (TLS) block encoding error. More... | |
| #define | SSL_OP_TLS_ROLLBACK_BUG |
| Indicates a Transport Layer Security (TLS) protocol rollback checking error. More... | |
| #define | SSL_OP_MS_SGC |
| Turns on compatibility with Microsoft Server Gated Cryptography (SGC). More... | |
| #define | SSL_OP_DHANON_NULL_SIGNATURE_OK |
Indicates that the client should allow a NULL Diffie-Hellman anonymous signature rather than rejecting it. | |
| #define | SSL_OP_ALL |
| Enables the following bug compatibility options: | |
| #define | SSL_OP_MULTIPRIME_TMP_RSA_KEYS |
| Turns on MultiPrime for temporary RSA key generation. | |
| #define | SSL_OP_QUIET_SHUTDOWN |
| Enables shutdown without sending a notification to the peer. More... | |
| #define | SSL_OP_ANYTIME_SHUTDOWN |
| Enables shutdown at any time including during the handshake. More... | |
| #define | SSL_OP_SSLC2_DH_BUG |
| Enables compatibility with SSL-C 2.0 and SSL-J 4.x when using Diffie-Hellman key exchange. | |
| #define | SSL_OP_SINGLE_DH_USE |
Ensures tmp_dh parameters are used only once. | |
| #define | SSL_OP_EPHEMERAL_RSA |
Uses the tmp_rsa key during RSA operations. | |
| #define | SSL_OP_REUSE_DELAY_CLIENT_FINISHED |
| Indicates that reuse delay client is finished. More... | |
| #define | SSL_OP_DELAY_READ_SERVER_FINISHED |
| Delays reading of the server finished message on the client until the after sending the first block of application data. More... | |
| #define | SSL_OP_NO_SSLv2 |
| Prevents an SSLv2 connection. More... | |
| #define | SSL_OP_NO_SSLv3 |
| Prevents an SSLv3 connection. More... | |
| #define | SSL_OP_NO_TLSv1 |
| Prevents a Transport Layer Security (TLS) v1 connection. More... | |
| #define | SSL_OP_PKCS1_CHECK_1 |
| Deliberately changes the ciphertext and is a check for the PKCS #1 attack (that is, diagnostic code). | |
| #define | SSL_OP_PKCS1_CHECK_2 |
| Deliberately changes the ciphertext and is a check for the PKCS #1 attack (that is, diagnostic code). | |
| #define | SSL_OP_NETSCAPE_CA_DN_BUG |
| Indicates a Netscape SSLv3 Certification Authority (CA) Distinguished Name (DN) encoding error. More... | |
| #define | SSL_OP_NON_EXPORT_FIRST |
| Prevents the server from automatically upgrading an SSLv23 handshake to SSLv3 where no strong (that is, non export) SSLv3 cipher suites are supported by the client (but strong SSLv2 cipher suites are available). | |
| #define | SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG |
| A bug compatibility flag. | |
|
|
Enables the following bug compatibility options:
|
|
|
Enables shutdown at any time including during the handshake.
|
|
|
Delays reading of the server finished message on the client until the after sending the first block of application data. This option change deliberately deviates from the SSL protocol to increase the speed of the handshake. |
|
|
Indicates a large SSLv3 packet error. Some versions of Microsoft IE send SSLv3 packets greater than 18k+5 Bytes which is prohibited by the SSLv3 specification. Navigator rejects the large packets. Enabling this option allows SSL connections to read the large packets. |
|
|
Indicates a Microsoft SSLv2 session identifier reuse error. This error occurs with SSLv2 when using session identifier reuse - the session identifier returned in the |
|
|
Turns on compatibility with Microsoft Server Gated Cryptography (SGC). SGC allows the use of strong cryptography under export conditions in approved circumstances. |
|
|
Indicates Microsoft SSLv2 rollback attacks on SSLv3 clients. When doing SSLv2 (SSLv3 turned off), MSIE 3.02 always uses the SSLv23 special PKCS #1 padding (8 Bytes of value 3). This should not occur for connections that only request SSLv2. |
|
|
Indicates a Netscape SSLv3 Certification Authority (CA) Distinguished Name (DN) encoding error. Some Netscape web servers do not encode CAs' DNs correctly when prompting for a client certificate. The outer sequence on each DN is missing. This bug option provides an alternative encoding system. |
|
|
Indicates a Netscape SSLv2 challenge length error. Netscape-Commerce v1.12 using SSLv2 accepts a 32-Byte challenge. However, only 16 Bytes are used for generating the encryption keys. According to the SSLv3 specification the challenge should be 32 Bytes when operating in SSLv23 compatibility mode. However, since this breaks the server, developers must use only 16 Bytes. This error is serious because it means all SSLv23 client applications must use 16-Byte challenge keys, instead of 32 as recommended by the specification. Enabling this operation works around this issue. |
|
|
Indicates a Netscape SSLv3 changing reused cipher error. The first available cipher is used when establishing an SSLv3 connection. If a session is resumed, a different cipher may be chosen if it precedes the previously chosen cipher in the list. Enabling this option permits cipher changes. |
|
|
Prevents an SSLv2 connection. This option is only applicable when connecting with SSLv23. It prevents the peers choosing SSLv2 as the protocol version. |
|
|
Prevents an SSLv3 connection. This option is only applicable when connecting with SSLv23. It prevents the peers choosing SSLv3 as the protocol version. |
|
|
Prevents a Transport Layer Security (TLS) v1 connection. This option is only applicable when connecting with SSLv23. It prevents the peers choosing TLSv1 as the protocol version. |
|
|
Enables shutdown without sending a notification to the peer.
|
|
|
Indicates that reuse delay client is finished. Enables a mode whereby if session identifier reuse occurs, the protocol's final |
|
|
Indicates an SSLeay version 0.8.0 Diffie-Hellman encoding error. SSLeay version 0.8.0 incorrectly encoded Diffie-Hellman parameters. This bug enables handling of the incorrect format. |
|
|
Indicates an SSLv2 session identifier reuse certificate type error. If SSL_reuse() is true then the |
|
|
Indicates a Transport Layer Security (TLS) block encoding error. Some TLS implementations incorrectly implement the encoding of the padding length when using block ciphers. |
|
|
Indicates an ephemeral RSA encoding error. Some TLS implementations incorrectly encode the length of ephemeral RSA parameters.
|
|
|
Indicates a Transport Layer Security (TLS) protocol rollback checking error. Some TLS implementations did not check the protocol version encoded in the random data exchanged between the client and server. This option enables protocol version checking to provide compatibility with implementations that do not set this field correctly. |
