Roxen.git / server / base_server / global_variables.pike

version» Context lines:

Roxen.git/server/base_server/global_variables.pike:231:    o->KeyFileVariable    ( "", 0, LOCALE(88, "SSL key file"),    LOCALE(89, "The SSL key file to use. If the path is "    "relative, it will first be searched for "    "relative to %s, and if not found there "    "relative to %s. "    "You do not have to specify a key "    "file, leave this field empty to use the "    "certificate file only.")));    - #if constant(SSL.ServerConnection) -  // Pike 8.0 and later has much more advanced support for SSL/TLS. + #if constant(SSL.Constants.CIPHER_aead) +  // NB: This constant was added a few days after get_suites() in Pike 8.0, +  // and a single day after get_suites() in the backport to Pike 7.8.    -  +  // Pike 8.0 or recent Pike 7.8. +  // They have SSL.[Cc]ontext()->get_suites(). +     defvar( "ssl_password",    Variable.String("", 0, LOCALE(0, "SSL decryption password"),    LOCALE(0, "Optional password to decrypt the "    "SSL key file(s).")));       // 112 bits is the maximum strength to still retain the    // DES-3 suites, which are required in the TLS standards.    defvar("ssl_key_bits",    Variable.Int(112, 0,    LOCALE(0, "Cipher suite minimum key strength"),    LOCALE(0, -  "<p>The minimum number of bits to secure " -  "connections.</p>\n" +  "<p>The minimum number of effective bits to " +  "secure connections.</p>\n"    "<p>Common ciphers (subject to availability) " -  "in order of bits:\n" +  "in order of effective bits as of December 2015:\n"    "<dl>\n" -  "<dt>40</dt>\n" -  "<dd>Export DES (aka DES-40)</dd>\n" +  "<dt>24</dt>\n"    "<dd>Export RC4 (aka RC4-40)</dd>\n" -  "<dt>56</dt>\n" +  "<dt>32</dt>\n" +  "<dd>Export DES (aka DES-40)</dd>\n" +  "<dt>38</dt>\n" +  "<dd>RC4</dd>\n" +  "<dt>40</dt>\n"    "<dd>DES</dd>\n"    "<dt>112</dt>\n"    "<dd>3-DES (Note that this cipher is the "    "minimum required cipher in many versions "    "of TLS)</dd>\n"    "<dt>128</dt>\n"    "<dd>AES-128</dd>\n"    "<dd>Camellia-128</dd>\n" -  "<dd>RC4</dd>\n" +     "<dt>256</dt>\n"    "<dd>AES-256</dd>\n"    "<dd>Camellia-256</dd>\n"    "</dl>\n" -  "</p>\n")))->set_range(0, Variable.no_limit); +  "</p>\n" +  "<p>Cipher strengths lower than 112 bits are " +  "<b>NOT</b> recommended, and there are RFCs that " +  "prohibit the use of all those suites.</p>\n")))-> +  set_range(0, Variable.no_limit); + #endif    -  + #if constant(SSL.ServerConnection) +  // Pike 8.0 and later has much more advanced support for SSL/TLS. +     defvar("ssl_suite_filter",    Variable.IntChoice(0,    ([    0: "Default",    4: "Ephemeral key exchanges only",    8: "Suite B (relaxed)",    12: "Suite B (ephemeral only)",    14: "Suite B (transitional)",    15: "Suite B (strict)",    ]),