Crypt::NSS::SSL - Generic SSL functions from NSS
This package provides non-socket-specific SSL functions from NSS, such as setting cipher suites, default options, etc.
Get or set defaults for SSL options on new sockets.
Option should be one of the following constants from
Enable or disable SSL security. If disabled the socket will not be an SSL session and thus not support encryption, certificates etc.
Request the connected client to authenticate itself using client-side certificates. Server option only.
Require the connected client to authenticate itself using client-side certificates. Requires SSL_REQUEST_CERTIFICATE. Server option only.
accept on a listening socket should perform the SSL handshake. If false, handshakes as a server; otherwise handshakes as a client even though it's a server socket. Server option only.
connect on a socket should perform the SSL handshake. If false, handshakes as a client; otherwise the client handshakes as a server. Client option only.
Tell NSS that the application will use full-duplex on the socket, i.e. do writes and reads simultaneously.
Enables or disables the SSL v3 protocol which is on by default.
Enables or disables the SSL v2 protocol which is off by default.
Enables or disables the TLS protocol.
Tells whether to send v3 hello messages in a v2 compatible form or not. Default is on.
Disable the use of the session cache for sockets. If the cache is disabled, a socket cannot resume the session started by another socket and thus must do the handshaking again. Default is off.
Enable or disable rollback attack detection. Some older clients might not be able to connect if this is off.
Get or set whether a cipher is enabled or not.
Configure the session cache if we're a server. The option ARGS must be a hash reference and takes the following options:
The maximum number of entries in the cache. If omitted or specified as 0, the default of 10,000 is used.
The lifetime of an SSL2 session. Minimum is 5 seconds, maximum is 24 hours. Default is 100 seconds.
The lifetime of an SSL3 session. Minimum is 5 seconds, maximum is 24 hours. Default is 24 hours.
The path where the session cache is stored. If omitted, your system's temp dir is used.
If your server is multithreaded or multiprocess (i.e. forks), you must indicate this by passing a true value in this option.
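An added example, not part of the Crypt::NSS distribution: a stand-alone Perl check that audits an intended set of socket options and session cache arguments against the constraints described above before they are applied. The option names other than SSL_REQUEST_CERTIFICATE are NSS constant names assumed here, and the ssl2_timeout and ssl3_timeout keys are hypothetical, since this page does not show them.

```perl
use strict;
use warnings;

# Assumed NSS constant names for the role-restricted options described above.
my %SERVER_ONLY = map { $_ => 1 }
    qw(SSL_REQUEST_CERTIFICATE SSL_REQUIRE_CERTIFICATE SSL_HANDSHAKE_AS_CLIENT);
my %CLIENT_ONLY = map { $_ => 1 } qw(SSL_HANDSHAKE_AS_SERVER);

# Returns a list of findings for the options intended for one socket role.
sub audit_options {
    my ($role, $opt) = @_;    # $role is 'server' or 'client'
    my @findings;
    for my $name (sort keys %$opt) {
        next unless $opt->{$name};    # only options being switched on
        push @findings, "$name is a server option, set on a client"
            if $SERVER_ONLY{$name} && $role ne 'server';
        push @findings, "$name is a client option, set on a server"
            if $CLIENT_ONLY{$name} && $role ne 'client';
    }
    push @findings, 'SSL_REQUIRE_CERTIFICATE set without SSL_REQUEST_CERTIFICATE'
        if $opt->{SSL_REQUIRE_CERTIFICATE} && !$opt->{SSL_REQUEST_CERTIFICATE};
    push @findings, 'SSL v2 enabled (off by default)'
        if $opt->{SSL_ENABLE_SSL2};
    push @findings, 'rollback attack detection disabled'
        if exists $opt->{SSL_ROLLBACK_DETECTION} && !$opt->{SSL_ROLLBACK_DETECTION};
    return @findings;
}

# Session lifetimes must lie between 5 seconds and 24 hours.
sub audit_cache {
    my ($args) = @_;    # hypothetical key names, see the note above
    my @findings;
    for my $key (qw(ssl2_timeout ssl3_timeout)) {
        next unless defined $args->{$key};
        push @findings, "$key=$args->{$key} outside 5..86400 seconds"
            if $args->{$key} < 5 || $args->{$key} > 24 * 60 * 60;
    }
    return @findings;
}

# Constructed sample input: settings intended for a server socket.
my %server_opts = (
    SSL_REQUIRE_CERTIFICATE => 1,
    SSL_ENABLE_SSL2         => 1,
    SSL_ROLLBACK_DETECTION  => 0,
    SSL_HANDSHAKE_AS_SERVER => 1,
);
my %cache_args = (ssl2_timeout => 2, ssl3_timeout => 3600);

print "$_\n" for audit_options('server', \%server_opts), audit_cache(\%cache_args);
```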
Clear the session cache.
Regulates what cipher suite we want.
By default all ciphers are disabled so you must call this before any cryptographic functions in NSS can work.
cipher_suite during Crypt::NSS import also does this.
Currently there are three suites declared: