Loading apps/ciphers.c +21 −0 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ typedef enum OPTION_choice { OPT_TLS1_1, OPT_TLS1_2, OPT_PSK, OPT_SRP, OPT_V, OPT_UPPER_V, OPT_S } OPTION_CHOICE; Loading @@ -95,6 +96,9 @@ OPTIONS ciphers_options[] = { #endif #ifndef OPENSSL_NO_PSK {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"}, #endif #ifndef OPENSSL_NO_SRP {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"}, #endif {NULL} }; Loading @@ -108,6 +112,12 @@ static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity, return 0; } #endif #ifndef OPENSSL_NO_SRP static char *dummy_srp(SSL *ssl, void *arg) { return ""; } #endif int ciphers_main(int argc, char **argv) { Loading @@ -121,6 +131,9 @@ int ciphers_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_PSK int psk = 0; #endif #ifndef OPENSSL_NO_SRP int srp = 0; #endif const char *p; char *ciphers = NULL, *prog; Loading Loading @@ -173,6 +186,10 @@ int ciphers_main(int argc, char **argv) case OPT_PSK: #ifndef OPENSSL_NO_PSK psk = 1; #endif case OPT_SRP: #ifndef OPENSSL_NO_SRP srp = 1; #endif break; } Loading @@ -196,6 +213,10 @@ int ciphers_main(int argc, char **argv) #ifndef OPENSSL_NO_PSK if (psk) SSL_CTX_set_psk_client_callback(ctx, dummy_psk); #endif #ifndef OPENSSL_NO_SRP if (srp) SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); #endif if (ciphers != NULL) { if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { Loading doc/apps/ciphers.pod +10 −6 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ B<openssl> B<ciphers> [B<-tls1_2>] [B<-s>] [B<-psk>] [B<-srp>] [B<-stdname>] [B<cipherlist>] Loading 
@@ -37,13 +38,12 @@ Print a usage message. =item B<-s> Only list supported ciphers: those consistent with the security level, and minimum and maximum protocol version. This is closer to the actual cipher list an application will support. minimum and maximum protocol version. This is closer to the actual cipher list an application will support. PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp> to enable them. This program does not set up support for SRP and so SRP based ciphers will always be excluded when using this option. PSK ciphers are not enabled by default and it requires the B<-psk> to enable them. It also does not change the default list of supported signature algorithms. On a server the list of supported ciphers might also exclude other ciphers Loading @@ -56,6 +56,10 @@ listed. When combined with B<-s> includes cipher suites which require PSK. =item B<-srp> When combined with B<-s> includes cipher suites which require SRP. =item B<-v> Verbose output: For each ciphersuite, list details as provided by Loading Loading
apps/ciphers.c +21 −0 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ typedef enum OPTION_choice { OPT_TLS1_1, OPT_TLS1_2, OPT_PSK, OPT_SRP, OPT_V, OPT_UPPER_V, OPT_S } OPTION_CHOICE; Loading @@ -95,6 +96,9 @@ OPTIONS ciphers_options[] = { #endif #ifndef OPENSSL_NO_PSK {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"}, #endif #ifndef OPENSSL_NO_SRP {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"}, #endif {NULL} }; Loading @@ -108,6 +112,12 @@ static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity, return 0; } #endif #ifndef OPENSSL_NO_SRP static char *dummy_srp(SSL *ssl, void *arg) { return ""; } #endif int ciphers_main(int argc, char **argv) { Loading @@ -121,6 +131,9 @@ int ciphers_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_PSK int psk = 0; #endif #ifndef OPENSSL_NO_SRP int srp = 0; #endif const char *p; char *ciphers = NULL, *prog; Loading Loading @@ -173,6 +186,10 @@ int ciphers_main(int argc, char **argv) case OPT_PSK: #ifndef OPENSSL_NO_PSK psk = 1; #endif case OPT_SRP: #ifndef OPENSSL_NO_SRP srp = 1; #endif break; } Loading @@ -196,6 +213,10 @@ int ciphers_main(int argc, char **argv) #ifndef OPENSSL_NO_PSK if (psk) SSL_CTX_set_psk_client_callback(ctx, dummy_psk); #endif #ifndef OPENSSL_NO_SRP if (srp) SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); #endif if (ciphers != NULL) { if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { Loading
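Review bot: The new `case OPT_SRP:` in the option switch of ciphers_main sits directly after the PSK case's `#endif`, and the only `break;` now follows the SRP block, so `-psk` falls through and also sets `srp = 1`. With `-s -psk` that would register dummy_srp as well and list SRP suites that were never requested, which makes the "supported" list misleading for anyone using it to audit a configuration. Add `break;` after the PSK `#endif`, before `case OPT_SRP:`. The line order is read from the flattened hunk at -173,6 +186,10, whose counts (four added lines, a single `break;`) agree with it; the switch starts and ends outside the hunk.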
doc/apps/ciphers.pod +10 −6 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ B<openssl> B<ciphers> [B<-tls1_2>] [B<-s>] [B<-psk>] [B<-srp>] [B<-stdname>] [B<cipherlist>] Loading @@ -37,13 +38,12 @@ Print a usage message. =item B<-s> Only list supported ciphers: those consistent with the security level, and minimum and maximum protocol version. This is closer to the actual cipher list an application will support. minimum and maximum protocol version. This is closer to the actual cipher list an application will support. PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp> to enable them. This program does not set up support for SRP and so SRP based ciphers will always be excluded when using this option. PSK ciphers are not enabled by default and it requires the B<-psk> to enable them. It also does not change the default list of supported signature algorithms. On a server the list of supported ciphers might also exclude other ciphers Loading @@ -56,6 +56,10 @@ listed. When combined with B<-s> includes cipher suites which require PSK. =item B<-srp> When combined with B<-s> includes cipher suites which require SRP. =item B<-v> Verbose output: For each ciphersuite, list details as provided by Loading