
ssl:setCipherSuites

Cipher/SSL Core4 Lua Commands

SYNOPSIS

  1. ssl:setCipherSuites(list)
  2. list = ssl:getCipherSuites()
  3. list = ssl:defaultCipherSuites()

DESCRIPTION

Note: There is seldom need to change this.

On connect, the server and the client together choose how the data is encrypted. Both sides have a list of encryption methods they can use, and they pick one from the combined list that both sides support.

Note that on the Core4 system, AES is the fastest cipher supported; all other ciphers have much slower implementations. The Core4 is set up so that it automatically prefers AES if the other side supports it.

To change the list of supported ciphers for this connection, use ssl:setCipherSuites(); to query the list, use ssl:getCipherSuites(). The method ssl:defaultCipherSuites() returns the list of suites that is used when no specific list has been configured.

When called with nil as argument, the function ssl:setCipherSuites() will revert to the default list.

All three functions work on a list in the form of a Lua table that lists the names of the cipher suites in sequential order. The list uses the official IANA naming convention.

This is an example of a cipher suites list:

  {
    "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
    "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
    "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
    "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
    "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
    "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
    "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
    "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
    "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
    "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
    "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
    "TLS-RSA-WITH-AES-256-CBC-SHA256",
    "TLS-RSA-WITH-AES-256-GCM-SHA384",
    "TLS-RSA-WITH-AES-256-CBC-SHA",
    "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
    "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
    "TLS-RSA-WITH-AES-128-CBC-SHA256",
    "TLS-RSA-WITH-AES-128-GCM-SHA256",
    "TLS-RSA-WITH-AES-128-CBC-SHA",
    "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
    "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
    "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
    "TLS-RSA-WITH-RC4-128-SHA",
    "TLS-RSA-WITH-RC4-128-MD5"
  }

Note how the list begins with entries for AES, to give it the highest priority.
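
Added example (not Core4 or vendor code): a filter that removes the RC4, 3DES and MD5 suites from a default list while keeping AES first, then applies the result through the three functions described above. The helper names and the `mock` object standing in for the connection's `ssl` object are assumptions, so that the script runs in a plain Lua interpreter.

```lua
-- Added example, not Core4 code: drop RC4, 3DES and MD5 suites, keep AES first.
local WEAK = { "%-RC4%-", "%-3DES%-", "%-MD5$" }

local function is_weak(name)
  for _, pat in ipairs(WEAK) do
    if name:find(pat) then return true end
  end
  return false
end

-- Stable partition: weak suites removed, AES suites ahead of the rest.
local function harden(suites)
  local aes, other = {}, {}
  for _, name in ipairs(suites) do
    if not is_weak(name) then
      local bucket = name:find("%-AES%-") and aes or other
      bucket[#bucket + 1] = name
    end
  end
  for _, name in ipairs(other) do aes[#aes + 1] = name end
  return aes
end

-- Applies the filtered list to a connection; leaves it untouched if nothing is left.
local function restrict_suites(ssl)
  local kept = harden(ssl:defaultCipherSuites())
  if #kept == 0 then return nil, "no acceptable cipher suite left" end
  ssl:setCipherSuites(kept)
  return ssl:getCipherSuites()
end

-- Constructed stand-in for the Core4 ssl object so the example runs off-device.
local mock = { current = nil, defaults = {
  "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
  "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
  "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
  "TLS-RSA-WITH-AES-128-CBC-SHA",
  "TLS-RSA-WITH-RC4-128-SHA",
  "TLS-RSA-WITH-RC4-128-MD5",
} }
function mock:defaultCipherSuites() return self.defaults end
function mock:setCipherSuites(list) self.current = list end
function mock:getCipherSuites() return self.current or self.defaults end

for i, name in ipairs(assert(restrict_suites(mock))) do print(i, name) end
```

On a device, pass the connection's own ssl object instead of `mock`; ssl:setCipherSuites(nil) reverts to the default list if a peer can no longer connect.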

SEE ALSO