Crypt-MatrixSSL3
view release on metacpan or search on metacpan
lib/Crypt/MatrixSSL3.pm view on Meta::CPAN
package Crypt::MatrixSSL3;
use 5.006;
use strict;
use warnings;
use Carp;
use Scalar::Util qw( dualvar );
use XSLoader;
BEGIN {
use version 0.77 (); our $VERSION = 'v3.9.4';
XSLoader::load(__PACKAGE__,$VERSION);
}
use File::ShareDir;
our $CA_CERTIFICATES = File::ShareDir::dist_file('Crypt-MatrixSSL3', 'ca-certificates.crt');
# WARNING The CONST_* constants automatically parsed from this file by
# Makefile.PL to generate const-*.inc, so if these constants will be
# reformatted there may be needs in updating regexp in Makefile.PL.
use constant CONST_VERSION_INT => qw(
SSL2_MAJ_VER
SSL3_MAJ_VER
SSL3_MIN_VER
TLS_1_1_MIN_VER
TLS_1_2_MIN_VER
TLS_MAJ_VER
TLS_MIN_VER
TLS_HIGHEST_MINOR
MATRIXSSL_VERSION_MAJOR
MATRIXSSL_VERSION_MINOR
MATRIXSSL_VERSION_PATCH
);
use constant CONST_VERSION => (
CONST_VERSION_INT,
'MATRIXSSL_VERSION_CODE',
'MATRIXSSL_VERSION',
);
use constant CONST_CIPHER => qw(
SSL_NULL_WITH_NULL_NULL
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_IDEA_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_SEED_CBC_SHA
TLS_PSK_WITH_AES_128_CBC_SHA
TLS_PSK_WITH_AES_128_CBC_SHA256
TLS_PSK_WITH_AES_256_CBC_SHA384
TLS_PSK_WITH_AES_256_CBC_SHA
TLS_DHE_PSK_WITH_AES_128_CBC_SHA
TLS_DHE_PSK_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
);
use constant CONST_SESSION_OPTION => qw(
SSL_OPTION_FULL_HANDSHAKE
);
use constant CONST_ALERT_LEVEL => qw(
SSL_ALERT_LEVEL_WARNING
SSL_ALERT_LEVEL_FATAL
);
use constant CONST_ALERT_DESCR => qw(
SSL_ALERT_NONE
SSL_ALERT_CLOSE_NOTIFY
SSL_ALERT_UNEXPECTED_MESSAGE
SSL_ALERT_BAD_RECORD_MAC
SSL_ALERT_DECRYPTION_FAILED
SSL_ALERT_RECORD_OVERFLOW
SSL_ALERT_DECOMPRESSION_FAILURE
SSL_ALERT_HANDSHAKE_FAILURE
SSL_ALERT_NO_CERTIFICATE
SSL_ALERT_BAD_CERTIFICATE
SSL_ALERT_UNSUPPORTED_CERTIFICATE
SSL_ALERT_CERTIFICATE_REVOKED
SSL_ALERT_CERTIFICATE_EXPIRED
SSL_ALERT_CERTIFICATE_UNKNOWN
SSL_ALERT_ILLEGAL_PARAMETER
SSL_ALERT_UNKNOWN_CA
SSL_ALERT_ACCESS_DENIED
SSL_ALERT_DECODE_ERROR
SSL_ALERT_DECRYPT_ERROR
SSL_ALERT_PROTOCOL_VERSION
SSL_ALERT_INSUFFICIENT_SECURITY
SSL_ALERT_INTERNAL_ERROR
SSL_ALERT_INAPPROPRIATE_FALLBACK
SSL_ALERT_NO_RENEGOTIATION
SSL_ALERT_UNSUPPORTED_EXTENSION
SSL_ALERT_UNRECOGNIZED_NAME
SSL_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
SSL_ALERT_UNKNOWN_PSK_IDENTITY
SSL_ALERT_NO_APP_PROTOCOL
);
# Order is important in CONST_ERROR and CONST_RC! Some constants have same
# value, but their names ordered to get better output in %RETURN_CODE.
use constant CONST_ERROR => qw(
PS_FAILURE
MATRIXSSL_ERROR
PS_ARG_FAIL
PS_PLATFORM_FAIL
lib/Crypt/MatrixSSL3.pm view on Meta::CPAN
=item Certificate Transparency
=item Support for TLS_FALLBACK_SCSV
=item Partial support for "status_request" TLS extension
=item Browser preferred ciphers
Selecting our strongest ciphers from the client supported list.
=back
=head1 TERMINOLOGY
When a client establishes an SSL connection without sending a SNI
extension in its CLIENT_HELLO message we say that the client connects to
the B<default server>.
If a SNI extension is present then the client connects to a B<virtual host>.
=head1 EXPORTS
Constants and functions can be exported using different tags.
Use tag ':all' to export everything.
By default (tag ':DEFAULT') only SSL_MAX_PLAINTEXT_LEN and return code
constants (tag ':RC') will be exported.
=over
=item :Version
SSL2_MAJ_VER
SSL3_MAJ_VER
SSL3_MIN_VER
TLS_1_1_MIN_VER
TLS_1_2_MIN_VER
TLS_MAJ_VER
TLS_MIN_VER
MATRIXSSL_VERSION
MATRIXSSL_VERSION_MAJOR
MATRIXSSL_VERSION_MINOR
MATRIXSSL_VERSION_PATCH
MATRIXSSL_VERSION_CODE
=item :Cipher
Used in matrixSslSetCipherSuiteEnabledStatus().
#******************************************************************************
#
# Recommended cipher suites:
#
# Define the following to enable various cipher suites
# At least one of these must be defined. If multiple are defined,
# the handshake will determine which is best for the connection.
#
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
# Pre-Shared Key Ciphers
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_PSK_WITH_AES_256_CBC_SHA
TLS_PSK_WITH_AES_128_CBC_SHA
TLS_PSK_WITH_AES_256_CBC_SHA384
TLS_PSK_WITH_AES_128_CBC_SHA256
# Ephemeral ECC DH keys, ECC DSA certificates
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# Ephemeral ECC DH keys, RSA certificates
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# Non-Ephemeral ECC DH keys, ECC DSA certificates
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
# Non-Ephemeral ECC DH keys, RSA certificates
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
#******************************************************************************
#
# These cipher suites are secure, but not in general use. Enable only if
# specifically required by application.
#
TLS_DHE_PSK_WITH_AES_256_CBC_SHA
TLS_DHE_PSK_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
#******************************************************************************
#
# These cipher suites are generally considered weak, not recommended for use.
#
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
#******************************************************************************
#
# These cipher suites do not combine authentication and encryption and
# are not recommended for use-cases that require strong security or
# Man-in-the-Middle protection.
#
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_RSA_WITH_NULL_SHA
SSL_RSA_WITH_NULL_MD5
# Other
SSL_NULL_WITH_NULL_NULL
TLS_RSA_WITH_IDEA_CBC_SHA
Flag for matrixSslEncodeRehandshake():
SSL_OPTION_FULL_HANDSHAKE
=item :Alert
Alert level codes:
SSL_ALERT_LEVEL_FATAL
SSL_ALERT_LEVEL_WARNING
Alert description codes:
SSL_ALERT_ACCESS_DENIED
SSL_ALERT_BAD_CERTIFICATE
SSL_ALERT_BAD_RECORD_MAC
SSL_ALERT_CERTIFICATE_EXPIRED
SSL_ALERT_CERTIFICATE_REVOKED
SSL_ALERT_CERTIFICATE_UNKNOWN
SSL_ALERT_CLOSE_NOTIFY
SSL_ALERT_DECODE_ERROR
SSL_ALERT_DECOMPRESSION_FAILURE
SSL_ALERT_DECRYPTION_FAILED
SSL_ALERT_DECRYPT_ERROR
SSL_ALERT_HANDSHAKE_FAILURE
SSL_ALERT_ILLEGAL_PARAMETER
SSL_ALERT_INAPPROPRIATE_FALLBACK
SSL_ALERT_INSUFFICIENT_SECURITY
SSL_ALERT_INTERNAL_ERROR
SSL_ALERT_NONE
SSL_ALERT_NO_APP_PROTOCOL
SSL_ALERT_NO_CERTIFICATE
SSL_ALERT_NO_RENEGOTIATION
SSL_ALERT_PROTOCOL_VERSION
SSL_ALERT_RECORD_OVERFLOW
SSL_ALERT_UNEXPECTED_MESSAGE
SSL_ALERT_UNKNOWN_CA
SSL_ALERT_UNRECOGNIZED_NAME
SSL_ALERT_UNSUPPORTED_CERTIFICATE
SSL_ALERT_UNSUPPORTED_EXTENSION
=item :Error
Error codes from different functions:
PS_FAILURE
MATRIXSSL_ERROR
PS_ARG_FAIL
PS_CERT_AUTH_FAIL
PS_CERT_AUTH_FAIL_AUTHKEY
PS_CERT_AUTH_FAIL_BC
PS_CERT_AUTH_FAIL_DN
PS_CERT_AUTH_FAIL_EXTENSION
PS_CERT_AUTH_FAIL_PATH_LEN
PS_CERT_AUTH_FAIL_REVOKED
PS_CERT_AUTH_FAIL_SIG
PS_DISABLED_FEATURE_FAIL
PS_EAGAIN
PS_INTERRUPT_FAIL
( run in 1.110 second using v1.01-cache-2.11-cpan-5735350b133 )