pike.git / lib / modules / SSL.pmod / Context.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Context.pike:168:   //! The set of <hash, signature> combinations to use by us.   //!   //! Only used with TLS 1.2 and later.   //!   //! Defaults to all combinations supported by Pike except for MD5.   //!   //! This list is typically filtered by @[get_signature_algorithms()]   //! to get rid of combinations not supported by the runtime.   //!   //! @note - //! According to RFC 5246 7.4.2 all certificates needs to be signed - //! by any of the supported signature algorithms. To be forward - //! compatible this list needs to be limited to the combinations - //! that have existing PKCS identifiers. + //! According to @rfc{5246@} 7.4.2 all certificates needs to be + //! signed by any of the supported signature algorithms. To be + //! forward compatible this list needs to be limited to the + //! combinations that have existing PKCS identifiers.   //!   //! @seealso   //! @[get_signature_algorithms()]   array(array(int)) signature_algorithms = ({   #if constant(Crypto.SHA512)   #if constant(Crypto.ECC.Curve)    ({ HASH_sha512, SIGNATURE_ecdsa }),   #endif    ({ HASH_sha512, SIGNATURE_rsa }),   #endif
pike.git/lib/modules/SSL.pmod/Context.pike:548:    return def &&    (CIPHER_effective_keylengths[def[1]] >= min_keylength);    });   }      #if constant(Crypto.ECC.Curve) && constant(Crypto.AES.GCM) && constant(Crypto.SHA384)      //! Configure the context for Suite B compliant operation.   //!   //! This restricts the context to the cipher suites - //! specified by RFC 6460 in strict mode. + //! specified by @rfc{6460@} in strict mode.   //!   //! Additional suites may be enabled, but they will only be   //! selected if a Suite B suite isn't available.   //!   //! @param min_keylength   //! Minimum supported key length in bits. Either @expr{128@}   //! or @expr{192@}.   //!   //! @param strictness_level   //! Allow additional suites.   //! @int   //! @value 2..   //! Strict mode.   //! - //! Allow only the Suite B suites from RFC 6460 and TLS 1.2. + //! Allow only the Suite B suites from @rfc{6460@} and TLS 1.2.   //! @value 1   //! Transitional mode.   //! - //! Also allow the transitional suites from RFC 5430 for use + //! Also allow the transitional suites from @rfc{5430@} for use   //! with TLS 1.0 and 1.1.   //! @value 0   //! Permissive mode (default).   //!   //! Also allow other suites that conform to the minimum key length.   //! @endint   //!   //! @note   //! This function is only present when Suite B compliant operation   //! is possible (ie both elliptic curves and GCM are available).