Crypt-MatrixSSL3


Makefile.PL  view on Meta::CPAN


    #******************************************************************************
    #
    #   Recommended cipher suites:
    #
    #   Define the following to enable various cipher suites
    #   At least one of these must be defined.  If multiple are defined,
    #   the handshake will determine which is best for the connection.
    #

    'USE_TLS_RSA_WITH_AES_128_CBC_SHA',
    'USE_TLS_RSA_WITH_AES_256_CBC_SHA',
    'USE_TLS_RSA_WITH_AES_128_CBC_SHA256', # TLS 1.2
    'USE_TLS_RSA_WITH_AES_256_CBC_SHA256', # TLS 1.2
    'USE_TLS_RSA_WITH_AES_128_GCM_SHA256', # TLS 1.2
    'USE_TLS_RSA_WITH_AES_256_GCM_SHA384', # TLS 1.2

    # Pre-Shared Key Ciphers
    #'USE_TLS_PSK_WITH_AES_256_CBC_SHA',
    #'USE_TLS_PSK_WITH_AES_128_CBC_SHA',
    #'USE_TLS_PSK_WITH_AES_256_CBC_SHA384', # TLS 1.2
    #'USE_TLS_PSK_WITH_AES_128_CBC_SHA256', # TLS 1.2

    # Ephemeral ECC DH keys, ECC DSA certificates
    #'USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
    #'USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
    #'USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', # TLS 1.2
    #'USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', # TLS 1.2
    #'USE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', # TLS 1.2 - HTTP/2 approved
    #'USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', # TLS 1.2 - HTTP/2 approved

    # Ephemeral ECC DH keys, RSA certificates
    'USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
    'USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
    'USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', # TLS 1.2
    'USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', # TLS 1.2
    'USE_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', # TLS 1.2 - HTTP/2 approved
    'USE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', # TLS 1.2 - HTTP/2 approved and *required*

    # Non-Ephemeral ECC DH keys, ECC DSA certificates
    #'USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA',
    #'USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA',
    #'USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256', # TLS 1.2
    #'USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384', # TLS 1.2
    #'USE_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256', # TLS 1.2
    #'USE_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384', # TLS 1.2

    # Non-Ephemeral ECC DH keys, RSA certificates
    #'USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA',
    #'USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA',
    #'USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384', # TLS 1.2
    #'USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256', # TLS 1.2
    #'USE_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384', # TLS 1.2
    #'USE_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256', # TLS 1.2

    #******************************************************************************
    #
    #   These cipher suites are secure, but not in general use. Enable only if
    #   specifically required by application.
    #
    'USE_TLS_DHE_PSK_WITH_AES_256_CBC_SHA',
    'USE_TLS_DHE_PSK_WITH_AES_128_CBC_SHA',
    'USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
    'USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
    'USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', # TLS 1.2
    'USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256', # TLS 1.2

    #******************************************************************************
    #
    #   These cipher suites are generally considered weak, not recommended for use.
    #
    #'USE_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', #x
    #'USE_SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA',
    #'USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA',      #x
    #'USE_TLS_RSA_WITH_SEED_CBC_SHA',
    #'USE_SSL_RSA_WITH_RC4_128_SHA',
    #'USE_SSL_RSA_WITH_RC4_128_MD5',

    #******************************************************************************
    #
    #   These cipher suites do not combine authentication and encryption and
    #   are not recommended for use-cases that require strong security or
    #   Man-in-the-Middle protection.
    #
    #'USE_TLS_DH_anon_WITH_AES_256_CBC_SHA',
    #'USE_TLS_DH_anon_WITH_AES_128_CBC_SHA',
    #'USE_SSL_DH_anon_WITH_3DES_EDE_CBC_SHA',
    #'USE_SSL_DH_anon_WITH_RC4_128_MD5',
    #'USE_SSL_RSA_WITH_NULL_SHA',               # enabled just for test purposes
    #'USE_SSL_RSA_WITH_NULL_MD5',

    # include encryption algorithms
    'USE_AES',
    'USE_AES_GCM',
    'USE_3DES',
    'USE_DES',
    'USE_ARC4',

README  view on Meta::CPAN


          #******************************************************************************
          #
          #   Recommended cipher suites:
          #
          #   Define the following to enable various cipher suites
          #   At least one of these must be defined.  If multiple are defined,
          #   the handshake will determine which is best for the connection.
          #
      
          TLS_RSA_WITH_AES_128_CBC_SHA
          TLS_RSA_WITH_AES_256_CBC_SHA
          TLS_RSA_WITH_AES_128_CBC_SHA256
          TLS_RSA_WITH_AES_256_CBC_SHA256
          TLS_RSA_WITH_AES_128_GCM_SHA256
          TLS_RSA_WITH_AES_256_GCM_SHA384
      
          # Pre-Shared Key Ciphers
          TLS_PSK_WITH_AES_256_CBC_SHA
          TLS_PSK_WITH_AES_128_CBC_SHA
          TLS_PSK_WITH_AES_256_CBC_SHA384
          TLS_PSK_WITH_AES_128_CBC_SHA256
      
          # Ephemeral ECC DH keys, ECC DSA certificates
          TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
          TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
          TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
          TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
          TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
          TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      
          # Ephemeral ECC DH keys, RSA certificates
          TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
          TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
          TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
          TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
          TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
          TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      
          # Non-Ephemeral ECC DH keys, ECC DSA certificates
          TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
          TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
          TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
          TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
          TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
          TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
      
          # Non-Ephemeral ECC DH keys, RSA certificates
          TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
          TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
          TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
          TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
          TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
          TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
      
      
          #******************************************************************************
          #
          #   These cipher suites are secure, but not in general use. Enable only if
          #   specifically required by application.
          #
          TLS_DHE_PSK_WITH_AES_256_CBC_SHA
          TLS_DHE_PSK_WITH_AES_128_CBC_SHA
          TLS_DHE_RSA_WITH_AES_256_CBC_SHA
          TLS_DHE_RSA_WITH_AES_128_CBC_SHA
          TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
          TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
      
      
          #******************************************************************************
          #
          #   These cipher suites are generally considered weak, not recommended for use.
          #
          TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
          SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
          SSL_RSA_WITH_3DES_EDE_CBC_SHA
          TLS_RSA_WITH_SEED_CBC_SHA
          SSL_RSA_WITH_RC4_128_SHA
          SSL_RSA_WITH_RC4_128_MD5
      
      
          #******************************************************************************
          #
          #   These cipher suites lack either authentication (DH_anon) or
          #   encryption (NULL) and are not recommended for use-cases that require
          #   strong security or Man-in-the-Middle protection.
          #
          TLS_DH_anon_WITH_AES_256_CBC_SHA
          TLS_DH_anon_WITH_AES_128_CBC_SHA
          SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
          SSL_DH_anon_WITH_RC4_128_MD5
          SSL_RSA_WITH_NULL_SHA
          SSL_RSA_WITH_NULL_MD5
      
      
          # Other
          SSL_NULL_WITH_NULL_NULL
          TLS_RSA_WITH_IDEA_CBC_SHA

      Flag for matrixSslEncodeRehandshake():

          SSL_OPTION_FULL_HANDSHAKE

    :Alert

      Alert level codes:

          SSL_ALERT_LEVEL_FATAL

inc/matrixssl-3-9-3-open.files  view on Meta::CPAN

inc/matrixssl-3-9-3-open/crypto/math/pstmnt
inc/matrixssl-3-9-3-open/crypto/prng/prng
inc/matrixssl-3-9-3-open/crypto/prng/yarrow
inc/matrixssl-3-9-3-open/crypto/pubkey/dh
inc/matrixssl-3-9-3-open/crypto/pubkey/ecc
inc/matrixssl-3-9-3-open/crypto/pubkey/pubkey
inc/matrixssl-3-9-3-open/crypto/pubkey/rsa
inc/matrixssl-3-9-3-open/crypto/pubkey/rsa_openssl
inc/matrixssl-3-9-3-open/crypto/symmetric/aes
inc/matrixssl-3-9-3-open/crypto/symmetric/aes_aesni
inc/matrixssl-3-9-3-open/crypto/symmetric/aesCBC
inc/matrixssl-3-9-3-open/crypto/symmetric/aesGCM
inc/matrixssl-3-9-3-open/crypto/symmetric/arc4
inc/matrixssl-3-9-3-open/crypto/symmetric/des3
inc/matrixssl-3-9-3-open/crypto/symmetric/idea
inc/matrixssl-3-9-3-open/crypto/symmetric/rc2
inc/matrixssl-3-9-3-open/crypto/symmetric/seed
inc/matrixssl-3-9-3-open/crypto/symmetric/symmetric_libsodium
inc/matrixssl-3-9-3-open/crypto/symmetric/symmetric_openssl
inc/matrixssl-3-9-3-open/matrixssl/cipherSuite
inc/matrixssl-3-9-3-open/matrixssl/dtls

inc/patches/3-9-3-1.patch  view on Meta::CPAN

diff --git a/matrixssl/matrixsslConfig.h b/matrixssl/matrixsslConfig.h
index 976d4eb..155c1f6 100644
--- a/matrixssl/matrixsslConfig.h
+++ b/matrixssl/matrixsslConfig.h
@@ -96,20 +96,20 @@ extern "C" {
 //#define USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 
 /** Ephemeral Diffie-Hellman ciphersuites, with RSA certificates */
-#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+//#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+//#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 /* TLS 1.2 ciphers */
-#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+//#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+//#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 
 /** Non-Ephemeral RSA keys/certificates */
-#define USE_TLS_RSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHALL */
-#define USE_TLS_RSA_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD */
+//#define USE_TLS_RSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHALL */
+//#define USE_TLS_RSA_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD */
 /* TLS 1.2 ciphers */
-#define USE_TLS_RSA_WITH_AES_128_CBC_SHA256/**< @security NIST_MAY */
-#define USE_TLS_RSA_WITH_AES_256_CBC_SHA256/**< @security NIST_MAY */
-#define USE_TLS_RSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHALL */
-#define USE_TLS_RSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+//#define USE_TLS_RSA_WITH_AES_128_CBC_SHA256/**< @security NIST_MAY */
+//#define USE_TLS_RSA_WITH_AES_256_CBC_SHA256/**< @security NIST_MAY */
+//#define USE_TLS_RSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHALL */
+//#define USE_TLS_RSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
 
 /******************************************************************************/
 /**
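Review bot: The RSA and DHE_RSA defines in this hunk are switched off by commenting them out, and nothing is left in the header to say where suite selection now happens; the PSK and DHE_PSK hunks below have the same gap. The Makefile.PL list shown on this page enables the static-RSA and DHE_RSA suites again, presumably as compiler defines, so the patched header and the effective build configuration disagree for anyone who reads only matrixsslConfig.h. A one-line comment above each disabled group would keep the two in step, for example `/* Cipher suites are selected by the Perl build (Makefile.PL); do not enable them here. */`. The block being edited starts and ends outside the hunk.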
@@ -120,8 +120,8 @@ extern "C" {
 //#define USE_SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 
 /** Ephemeral Diffie-Hellman ciphersuites, with PSK authentication */
-#define USE_TLS_DHE_PSK_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD_NOT */
-#define USE_TLS_DHE_PSK_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD_NOT */
+//#define USE_TLS_DHE_PSK_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD_NOT */
+//#define USE_TLS_DHE_PSK_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD_NOT */
 
 /** Ephemeral ECC DH keys, RSA certificates */
 //#define USE_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA /**< @security NIST_SHOULD */
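Review bot: Both DHE_PSK defines disabled here carry the `@security NIST_SHOULD_NOT` annotation, yet the Makefile.PL list shown on this page enables `USE_TLS_DHE_PSK_WITH_AES_128_CBC_SHA` and `USE_TLS_DHE_PSK_WITH_AES_256_CBC_SHA` under a "secure, but not in general use" heading. If that list is what reaches the compiler, commenting the defines out in the header does not remove these suites from the Perl build. Either the two entries in Makefile.PL should be commented out like the plain PSK suites are, or the upstream rating should be repeated beside them, e.g. `# NIST SP 800-52 Rev 1: SHOULD NOT unless PSK is required`.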
@@ -129,11 +129,11 @@ extern "C" {
 /** Pre-Shared Key Ciphers.
 	NIST SP 800-52 Rev 1 recommends against using PSK unless neccessary
     See NIST SP 800-52 Rev 1 Appendix C */
-#define USE_TLS_PSK_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD_NOT */
-#define USE_TLS_PSK_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD_NOT */
+//#define USE_TLS_PSK_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD_NOT */
+//#define USE_TLS_PSK_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD_NOT */
 /* TLS 1.2 ciphers */
-#define USE_TLS_PSK_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD_NOT */
-#define USE_TLS_PSK_WITH_AES_256_CBC_SHA384/**< @security NIST_SHOULD_NOT */
+//#define USE_TLS_PSK_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD_NOT */
+//#define USE_TLS_PSK_WITH_AES_256_CBC_SHA384/**< @security NIST_SHOULD_NOT */
 
 /** Non-Ephemeral ECC DH keys, ECC DSA certificates */
 //#define USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA /**< @security NIST_MAY */
@@ -186,7 +186,7 @@ extern "C" {
 		USE_TLS_1_0_AND_ABOVE
 	@note There is no option for enabling SSL3.0 at this level
 */
-#define USE_TLS_1_1_AND_ABOVE/**< @security default 1_1_AND_ABOVE */
+//#define USE_TLS_1_1_AND_ABOVE/**< @security default 1_1_AND_ABOVE */
 //#define USE_TLS_1_2_AND_ABOVE /**< @security better than 1_1_AND_ABOVE if no backwards compatiblity concerns */
 //#define USE_TLS_1_0_AND_ABOVE /**< @security no longer recommended. */
 
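Review bot: With `USE_TLS_1_1_AND_ABOVE` commented out, the header no longer defines any of the three protocol-floor macros, and nothing in this hunk shows where one is supplied instead. If the build fails to pass one, the minimum TLS version is left to whatever the library does with none defined, which is not visible here. A guard placed after this block would make that case a build error: `#if !defined(USE_TLS_1_0_AND_ABOVE) && !defined(USE_TLS_1_1_AND_ABOVE) && !defined(USE_TLS_1_2_AND_ABOVE)`, `#error "select a minimum TLS version in the build"`, `#endif`. The header's own annotations rate `USE_TLS_1_0_AND_ABOVE` as no longer recommended, so the build should select 1.1 or, where compatibility allows, 1.2.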
@@ -196,7 +196,7 @@ extern "C" {

lib/Crypt/MatrixSSL3.pm  view on Meta::CPAN

    CONST_VERSION_INT,
    'MATRIXSSL_VERSION_CODE',
    'MATRIXSSL_VERSION',
);
use constant CONST_CIPHER => qw(
    SSL_NULL_WITH_NULL_NULL
    SSL_RSA_WITH_NULL_MD5
    SSL_RSA_WITH_NULL_SHA
    SSL_RSA_WITH_RC4_128_MD5
    SSL_RSA_WITH_RC4_128_SHA
    TLS_RSA_WITH_IDEA_CBC_SHA
    SSL_RSA_WITH_3DES_EDE_CBC_SHA
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    SSL_DH_anon_WITH_RC4_128_MD5
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DH_anon_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DH_anon_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    TLS_RSA_WITH_SEED_CBC_SHA
    TLS_PSK_WITH_AES_128_CBC_SHA
    TLS_PSK_WITH_AES_128_CBC_SHA256
    TLS_PSK_WITH_AES_256_CBC_SHA384
    TLS_PSK_WITH_AES_256_CBC_SHA
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

lib/Crypt/MatrixSSL3.pm  view on Meta::CPAN


    #******************************************************************************
    #
    #   Recommended cipher suites:
    #
    #   Define the following to enable various cipher suites
    #   At least one of these must be defined.  If multiple are defined,
    #   the handshake will determine which is best for the connection.
    #

    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_256_GCM_SHA384

    # Pre-Shared Key Ciphers
    TLS_PSK_WITH_AES_256_CBC_SHA
    TLS_PSK_WITH_AES_128_CBC_SHA
    TLS_PSK_WITH_AES_256_CBC_SHA384
    TLS_PSK_WITH_AES_128_CBC_SHA256

    # Ephemeral ECC DH keys, ECC DSA certificates
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

    # Ephemeral ECC DH keys, RSA certificates
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    # Non-Ephemeral ECC DH keys, ECC DSA certificates
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384

    # Non-Ephemeral ECC DH keys, RSA certificates
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256


    #******************************************************************************
    #
    #   These cipher suites are secure, but not in general use. Enable only if
    #   specifically required by application.
    #
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256


    #******************************************************************************
    #
    #   These cipher suites are generally considered weak, not recommended for use.
    #
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    SSL_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_SEED_CBC_SHA
    SSL_RSA_WITH_RC4_128_SHA
    SSL_RSA_WITH_RC4_128_MD5


    #******************************************************************************
    #
    #   These cipher suites lack either authentication (DH_anon) or
    #   encryption (NULL) and are not recommended for use-cases that require
    #   strong security or Man-in-the-Middle protection.
    #
    TLS_DH_anon_WITH_AES_256_CBC_SHA
    TLS_DH_anon_WITH_AES_128_CBC_SHA
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
    SSL_DH_anon_WITH_RC4_128_MD5
    SSL_RSA_WITH_NULL_SHA
    SSL_RSA_WITH_NULL_MD5


    # Other
    SSL_NULL_WITH_NULL_NULL
    TLS_RSA_WITH_IDEA_CBC_SHA

Flag for matrixSslEncodeRehandshake():

    SSL_OPTION_FULL_HANDSHAKE

=item :Alert

Alert level codes:

    SSL_ALERT_LEVEL_FATAL

t/cert/server.key.des3  view on Meta::CPAN

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F8C38C90A4339757
[remainder of the encrypted key not shown]

t/export-all.t  view on Meta::CPAN

        SSL_ALERT_UNSUPPORTED_EXTENSION
        SSL_ALERT_NONE

        SSL_ALLOW_ANON_CONNECTION

        SSL_NULL_WITH_NULL_NULL
        SSL_RSA_WITH_NULL_MD5
        SSL_RSA_WITH_NULL_SHA
        SSL_RSA_WITH_RC4_128_MD5
        SSL_RSA_WITH_RC4_128_SHA
        SSL_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        SSL_OPTION_FULL_HANDSHAKE

        PS_FAILURE
        MATRIXSSL_ERROR
        PS_ARG_FAIL
        PS_PLATFORM_FAIL
        PS_MEM_FAIL
        PS_LIMIT_FAIL
        PS_UNSUPPORTED_FAIL
        PS_PROTOCOL_FAIL

t/export-some.t  view on Meta::CPAN

    = qw(
        SSL_MAX_PLAINTEXT_LEN

        SSL_ALLOW_ANON_CONNECTION

        SSL_NULL_WITH_NULL_NULL
        SSL_RSA_WITH_NULL_MD5
        SSL_RSA_WITH_NULL_SHA
        SSL_RSA_WITH_RC4_128_MD5
        SSL_RSA_WITH_RC4_128_SHA
        SSL_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        SSL_OPTION_FULL_HANDSHAKE

        SSL2_MAJ_VER
        SSL3_MAJ_VER
        SSL3_MIN_VER
        TLS_MIN_VER
        TLS_1_1_MIN_VER
        TLS_1_2_MIN_VER
        TLS_MAJ_VER
        MATRIXSSL_VERSION

t/export.t  view on Meta::CPAN

        SSL_ALERT_UNSUPPORTED_EXTENSION
        SSL_ALERT_NONE

        SSL_ALLOW_ANON_CONNECTION

        SSL_NULL_WITH_NULL_NULL
        SSL_RSA_WITH_NULL_MD5
        SSL_RSA_WITH_NULL_SHA
        SSL_RSA_WITH_RC4_128_MD5
        SSL_RSA_WITH_RC4_128_SHA
        SSL_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        SSL_OPTION_FULL_HANDSHAKE

        PS_FAILURE
        MATRIXSSL_ERROR
        PS_ARG_FAIL
        PS_PLATFORM_FAIL
        PS_MEM_FAIL
        PS_LIMIT_FAIL
        PS_UNSUPPORTED_FAIL
        PS_PROTOCOL_FAIL

t/matrixSslEncodeRehandshake.t  view on Meta::CPAN

my $trustedCAcertFiles  = 't/cert/testCA.crt';
my $trustedCAbundle     = $Crypt::MatrixSSL3::CA_CERTIFICATES;

my ($Server_Keys, $Client_Keys);
my ($Server_SSL, $Client_SSL);

my @Alert;

my ($client2server, $server2client) = (q{}, q{});

is MATRIXSSL_SUCCESS, Crypt::MatrixSSL3::set_cipher_suite_enabled_status(TLS_RSA_WITH_AES_128_CBC_SHA, PS_FALSE),
    'disable TLS_RSA_WITH_AES_128_CBC_SHA';

new($trustedCAcertFiles, undef);
handshake();
io();
is $Client_SSL->encode_rehandshake(undef, undef, SSL_OPTION_FULL_HANDSHAKE, [SSL_RSA_WITH_RC4_128_MD5]), PS_UNSUPPORTED_FAIL,
    '--- Rehandshake: unsupported cipher';
io();
fin();

new($trustedCAcertFiles, undef);

t/matrixSslEncodeRehandshake.t  view on Meta::CPAN

io();
is MATRIXSSL_SUCCESS, $Client_SSL->encode_rehandshake($Client_Keys, undef, 0, undef),
    '--- Rehandshake: change nothing (same keys)';
handshake();
io();
fin();

new($trustedCAcertFiles, undef);
handshake();
io();
is MATRIXSSL_SUCCESS, $Client_SSL->encode_rehandshake(undef, undef, SSL_OPTION_FULL_HANDSHAKE, [TLS_RSA_WITH_AES_256_CBC_SHA]),
    '--- Rehandshake: change cipher to TLS_RSA_WITH_AES_256_CBC_SHA';
handshake();
io();
fin();

=for not allowed anymore

new($trustedCAcertFiles, undef);
handshake();
io();
is MATRIXSSL_SUCCESS, $Client_SSL->encode_rehandshake(undef, undef, SSL_OPTION_FULL_HANDSHAKE, [SSL_NULL_WITH_NULL_NULL]),

t/matrixSslNewClientSession.t  view on Meta::CPAN


is undef, $ssl,
    'ssl not defined';

#throws_ok { $ssl = Crypt::MatrixSSL3::Client->new($keys, undef, undef, undef, undef, undef, undef) }
#    qr/^${\PS_PROTOCOL_FAIL}\b/,
#    'empty keys';

is PS_SUCCESS, $keys->load_rsa(undef, undef, undef, $Crypt::MatrixSSL3::CA_CERTIFICATES),
    '$keys->load_rsa';
is MATRIXSSL_SUCCESS, Crypt::MatrixSSL3::set_cipher_suite_enabled_status(TLS_RSA_WITH_AES_128_CBC_SHA, PS_FALSE),
    'disable TLS_RSA_WITH_AES_128_CBC_SHA';
#throws_ok { $ssl = Crypt::MatrixSSL3::Client->new($keys, undef, [TLS_RSA_WITH_AES_128_CBC_SHA], undef, undef, undef, undef) }
#    qr/^${\PS_UNSUPPORTED_FAIL}\b/,
#    'unsupported cipher';
lives_ok { $ssl = Crypt::MatrixSSL3::Client->new($keys, undef, undef, undef, undef, undef, undef) }
    'Client->new';
ok ref $ssl && $$ssl > 0,
    'ssl is not NULL';
undef $ssl;

undef $keys;
ok(1, 'matrixSslClose');

t/matrixSslSetCipherSuiteEnabledStatus.t  view on Meta::CPAN

use strict;
use Test::More tests => 16;
use Test::Exception;

use Crypt::MatrixSSL3 qw( :DEFAULT :Error :Cipher :Bool );

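# Exercises set_cipher_suite_enabled_status() at package level and on server
# and client sessions.
#
# Test::More's is() takes the value under test first and the expected value
# second; every call below follows that order so that a failing test prints
# "got" and "expected" the right way round.

# Bring the MatrixSSL library up; the matching Close() is the last statement.
Crypt::MatrixSSL3::Open();

my ($ssl, $keys);

# Package-level toggle for an AES suite: each call is expected to report
# MATRIXSSL_SUCCESS, including when the same request is repeated.
is(
    Crypt::MatrixSSL3::set_cipher_suite_enabled_status(TLS_RSA_WITH_AES_128_CBC_SHA, PS_FALSE),
    MATRIXSSL_SUCCESS,
    'disable TLS_RSA_WITH_AES_128_CBC_SHA',
);
is(
    Crypt::MatrixSSL3::set_cipher_suite_enabled_status(TLS_RSA_WITH_AES_128_CBC_SHA, PS_FALSE),
    MATRIXSSL_SUCCESS,
    'disable TLS_RSA_WITH_AES_128_CBC_SHA again',
);
is(
    Crypt::MatrixSSL3::set_cipher_suite_enabled_status(TLS_RSA_WITH_AES_128_CBC_SHA, PS_TRUE),
    MATRIXSSL_SUCCESS,
    'enable TLS_RSA_WITH_AES_128_CBC_SHA',
);
is(
    Crypt::MatrixSSL3::set_cipher_suite_enabled_status(TLS_RSA_WITH_AES_128_CBC_SHA, PS_TRUE),
    MATRIXSSL_SUCCESS,
    'enable TLS_RSA_WITH_AES_128_CBC_SHA again',
);

# The test labels this RC4 suite "not supported"; the toggle is expected to
# report PS_FAILURE for it rather than silently accepting the request.
is(
    Crypt::MatrixSSL3::set_cipher_suite_enabled_status(SSL_RSA_WITH_RC4_128_SHA, PS_FALSE),
    PS_FAILURE,
    'disable not supported SSL_RSA_WITH_RC4_128_SHA',
);

# Key material shared by the server and client sessions created below.
lives_ok { $keys = Crypt::MatrixSSL3::Keys->new() }
    'Keys->new';
is(
    $keys->load_rsa(undef, undef, undef, $Crypt::MatrixSSL3::CA_CERTIFICATES),
    PS_SUCCESS,
    '$keys->load_rsa',
);

# Per-session toggle on a server session: the same expectations as at package
# level.
lives_ok { $ssl = Crypt::MatrixSSL3::Server->new($keys, undef) }
    'Server->new';
is(
    $ssl->set_cipher_suite_enabled_status(TLS_RSA_WITH_AES_128_CBC_SHA, PS_FALSE),
    MATRIXSSL_SUCCESS,
    'server: disable TLS_RSA_WITH_AES_128_CBC_SHA',
);
is(
    $ssl->set_cipher_suite_enabled_status(TLS_RSA_WITH_AES_128_CBC_SHA, PS_FALSE),
    MATRIXSSL_SUCCESS,
    'server: disable TLS_RSA_WITH_AES_128_CBC_SHA again',
);
is(
    $ssl->set_cipher_suite_enabled_status(TLS_RSA_WITH_AES_128_CBC_SHA, PS_TRUE),
    MATRIXSSL_SUCCESS,
    'server: enable TLS_RSA_WITH_AES_128_CBC_SHA',
);
is(
    $ssl->set_cipher_suite_enabled_status(TLS_RSA_WITH_AES_128_CBC_SHA, PS_TRUE),
    MATRIXSSL_SUCCESS,
    'server: enable TLS_RSA_WITH_AES_128_CBC_SHA again',
);
is(
    $ssl->set_cipher_suite_enabled_status(SSL_RSA_WITH_RC4_128_SHA, PS_FALSE),
    PS_FAILURE,
    'server: disable not supported SSL_RSA_WITH_RC4_128_SHA',
);
# Drop the server session before the client session is created.
undef $ssl;

# On a client session the per-session toggle is expected to be refused with
# PS_UNSUPPORTED_FAIL.
lives_ok { $ssl = Crypt::MatrixSSL3::Client->new($keys, undef, undef, undef, undef, undef, undef) }
    'Client->new';
is(
    $ssl->set_cipher_suite_enabled_status(TLS_RSA_WITH_AES_128_CBC_SHA, PS_FALSE),
    PS_UNSUPPORTED_FAIL,
    'client: disable TLS_RSA_WITH_AES_128_CBC_SHA',
);
undef $ssl;

# Reaching the ok() below means releasing the session and the keys did not
# abort the script.
undef $keys;
ok(1, 'matrixSslClose');

Crypt::MatrixSSL3::Close();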


