Crypt-MatrixSSL3
view release on metacpan or search on metacpan
SNI (virtual hosts)
OCSP staple
Certificate Transparency
Support for TLS_FALLBACK_SCSV
Partial support for "status_request" TLS extension
Browser preferred ciphers
Selecting our strongest ciphers from the client supported list.
TERMINOLOGY
When a client establishes an SSL connection without sending a SNI
extension in its CLIENT_HELLO message we say that the client connects
to the default server.
If a SNI extension is present then the client connects to a virtual
host.
EXPORTS
Constants and functions can be exported using different tags. Use tag
':all' to export everything.
By default (tag ':DEFAULT') only SSL_MAX_PLAINTEXT_LEN and return code
constants (tag ':RC') will be exported.
:Version
SSL2_MAJ_VER
SSL3_MAJ_VER
SSL3_MIN_VER
TLS_1_1_MIN_VER
TLS_1_2_MIN_VER
TLS_MAJ_VER
TLS_MIN_VER
MATRIXSSL_VERSION
MATRIXSSL_VERSION_MAJOR
MATRIXSSL_VERSION_MINOR
MATRIXSSL_VERSION_PATCH
MATRIXSSL_VERSION_CODE
:Cipher
Used in matrixSslSetCipherSuiteEnabledStatus().
#******************************************************************************
#
# Recommended cipher suites:
#
# Define the following to enable various cipher suites
# At least one of these must be defined. If multiple are defined,
# the handshake will determine which is best for the connection.
#
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
# Pre-Shared Key Ciphers
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_PSK_WITH_AES_256_CBC_SHA
TLS_PSK_WITH_AES_128_CBC_SHA
TLS_PSK_WITH_AES_256_CBC_SHA384
TLS_PSK_WITH_AES_128_CBC_SHA256
# Ephemeral ECC DH keys, ECC DSA certificates
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# Ephemeral ECC DH keys, RSA certificates
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# Non-Ephemeral ECC DH keys, ECC DSA certificates
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
# Non-Ephemeral ECC DH keys, RSA certificates
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
#******************************************************************************
#
# These cipher suites are secure, but not in general use. Enable only if
# specifically required by application.
#
TLS_DHE_PSK_WITH_AES_256_CBC_SHA
TLS_DHE_PSK_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
#******************************************************************************
#
# These cipher suites are generally considered weak, not recommended for use.
#
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
#******************************************************************************
#
# These cipher suites do not combine authentication and encryption and
# are not recommended for use-cases that require strong security or
# Man-in-the-Middle protection.
#
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_RSA_WITH_NULL_SHA
SSL_RSA_WITH_NULL_MD5
# Other
SSL_NULL_WITH_NULL_NULL
TLS_RSA_WITH_IDEA_CBC_SHA
Flag for matrixSslEncodeRehandshake():
SSL_OPTION_FULL_HANDSHAKE
:Alert
Alert level codes:
SSL_ALERT_LEVEL_FATAL
SSL_ALERT_LEVEL_WARNING
Alert description codes:
SSL_ALERT_ACCESS_DENIED
SSL_ALERT_BAD_CERTIFICATE
SSL_ALERT_BAD_RECORD_MAC
SSL_ALERT_CERTIFICATE_EXPIRED
SSL_ALERT_CERTIFICATE_REVOKED
SSL_ALERT_CERTIFICATE_UNKNOWN
SSL_ALERT_CLOSE_NOTIFY
SSL_ALERT_DECODE_ERROR
SSL_ALERT_DECOMPRESSION_FAILURE
SSL_ALERT_DECRYPTION_FAILED
SSL_ALERT_DECRYPT_ERROR
SSL_ALERT_HANDSHAKE_FAILURE
SSL_ALERT_ILLEGAL_PARAMETER
SSL_ALERT_INAPPROPRIATE_FALLBACK
SSL_ALERT_INSUFFICIENT_SECURITY
SSL_ALERT_INTERNAL_ERROR
SSL_ALERT_NONE
SSL_ALERT_NO_APP_PROTOCOL
SSL_ALERT_NO_CERTIFICATE
SSL_ALERT_NO_RENEGOTIATION
SSL_ALERT_PROTOCOL_VERSION
SSL_ALERT_RECORD_OVERFLOW
SSL_ALERT_UNEXPECTED_MESSAGE
SSL_ALERT_UNKNOWN_CA
SSL_ALERT_UNRECOGNIZED_NAME
SSL_ALERT_UNSUPPORTED_CERTIFICATE
SSL_ALERT_UNSUPPORTED_EXTENSION
:Error
Error codes from different functions:
PS_FAILURE
MATRIXSSL_ERROR
PS_ARG_FAIL
PS_CERT_AUTH_FAIL
PS_CERT_AUTH_FAIL_AUTHKEY
PS_CERT_AUTH_FAIL_BC
PS_CERT_AUTH_FAIL_DN
PS_CERT_AUTH_FAIL_EXTENSION
PS_CERT_AUTH_FAIL_PATH_LEN
PS_CERT_AUTH_FAIL_REVOKED
PS_CERT_AUTH_FAIL_SIG
PS_DISABLED_FEATURE_FAIL
PS_EAGAIN
PS_INTERRUPT_FAIL
( run in 1.771 second using v1.01-cache-2.11-cpan-e1769b4cff6 )