author | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-10 09:10:43 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-10 09:10:43 +0000 |
commit | e37634e16b3fadbf460d09841b1ba156a7dbb601 (patch) | |
tree | 745c85f344423a1b47c0fd032355d8e47a62aaac /lib/libtls/tls_init.3 | |
parent | 5cc2dac78c73de261361524e1d021d767beb4cb4 (diff) |
Add support for preferring the server's cipher list or the client's cipher
list. Prefer the server's cipher list by default.
Based on a diff from Kyle Thompson <jmp at giga dot moe>.
ok beck@ bcook@
Diffstat (limited to 'lib/libtls/tls_init.3')
-rw-r--r-- | lib/libtls/tls_init.3 | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/lib/libtls/tls_init.3 b/lib/libtls/tls_init.3 index 16495112ff6..17822d444d8 100644 --- a/lib/libtls/tls_init.3 +++ b/lib/libtls/tls_init.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tls_init.3,v 1.25 2015/07/19 17:10:23 jmc Exp $ +.\" $OpenBSD: tls_init.3,v 1.26 2015/09/10 09:10:42 jsing Exp $ .\" .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 19 2015 $ +.Dd $Mdocdate: September 10 2015 $ .Dt TLS_INIT 3 .Os .Sh NAME @@ -35,6 +35,8 @@ .Nm tls_config_set_key_mem , .Nm tls_config_set_protocols , .Nm tls_config_set_verify_depth , +.Nm tls_config_prefer_ciphers_client , +.Nm tls_config_prefer_ciphers_server , .Nm tls_config_clear_keys , .Nm tls_config_insecure_noverifycert , .Nm tls_config_insecure_noverifyname , @@ -92,6 +94,10 @@ .Ft "void" .Fn tls_config_set_verify_depth "struct tls_config *config" "int verify_depth" .Ft "void" +.Fn tls_config_prefer_ciphers_client "struct tls_config *config" +.Ft "void" +.Fn tls_config_prefer_ciphers_server "struct tls_config *config" +.Ft "void" .Fn tls_config_clear_keys "struct tls_config *config" .Ft "void" .Fn tls_config_insecure_noverifycert "struct tls_config *config" @@ -291,6 +297,17 @@ Additionally, the values (TLSv1.2 only) may be used. .Em (Client and server) .It +.Fn tls_config_prefer_ciphers_client +prefers ciphers in the client's cipher list when selecting a cipher suite. +This is considered to be less secure than preferring the server's list. +.Em (Server) +.It +.Fn tls_config_prefer_ciphers_server +prefers ciphers in the server's cipher list when selecting a cipher suite. +This is considered to be more secure than preferring the client's list and is +the default. +.Em (Server) +.It .Fn tls_config_clear_keys clears any secret keys from memory. .Em (Server) |
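Review bot: In the last hunk (@@ -291,6 +297,17 @@), the tls_config_prefer_ciphers_client entry states that client preference "is considered to be less secure" but gives no reason, so a reader choosing between the two calls has nothing to base the decision on. Suggest adding a clause saying that with client preference the peer's ordering, not the server's configured ordering, decides which mutually supported suite is selected. The same hunk does not say what happens when both functions are called on one config; if the most recent call takes effect, a sentence saying so would remove the ambiguity. Since the commit message makes server preference the new default, it would also help to note in the tls_config_prefer_ciphers_server entry that servers which previously followed the client's order will now negotiate according to their own list.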