SSL_CTX_set_tmp_dh_callback.pod 5.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122
  1. =pod
  2. =head1 NAME
  3. SSL_CTX_set_dh_auto, SSL_set_dh_auto, SSL_CTX_set0_tmp_dh_pkey,
  4. SSL_set0_tmp_dh_pkey, SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh,
  5. SSL_set_tmp_dh_callback, SSL_set_tmp_dh
  6. - handle DH keys for ephemeral key exchange
  7. =head1 SYNOPSIS
  8. #include <openssl/ssl.h>
  9. long SSL_CTX_set_dh_auto(SSL *s, int onoff);
  10. long SSL_set_dh_auto(SSL *s, int onoff);
  11. int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey);
  12. int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey);
  13. Deprecated since OpenSSL 3.0, can be hidden entirely by defining
  14. B<OPENSSL_API_COMPAT> with a suitable version value, see
  15. L<openssl_user_macros(7)>:
  16. void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
  17. DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
  18. int keylength));
  19. long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
  20. void SSL_set_tmp_dh_callback(SSL *ctx,
  21. DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
  22. int keylength));
  23. long SSL_set_tmp_dh(SSL *ssl, DH *dh);
  24. =head1 DESCRIPTION
  25. The functions described on this page are relevant for servers only.
  26. Some ciphersuites may use ephemeral Diffie-Hellman (DH) key exchange. In these
  27. cases, the session data is negotiated using the ephemeral/temporary DH key and
  28. the key supplied and certified by the certificate chain is only used for
  29. signing. Anonymous ciphers (without a permanent server key) also use ephemeral
  30. DH keys.
  31. Using ephemeral DH key exchange yields forward secrecy as the connection
  32. can only be decrypted when the DH key is known. By generating a temporary
  33. DH key inside the server application that is lost when the application
  34. is left, it becomes impossible for an attacker to decrypt past sessions,
  35. even if they get hold of the normal (certified) key, as this key was
  36. only used for signing.
  37. In order to perform a DH key exchange the server must use a DH group
  38. (DH parameters) and generate a DH key. The server will always generate
  39. a new DH key during the negotiation.
  40. As generating DH parameters is extremely time consuming, an application
  41. should not generate the parameters on the fly. DH parameters can be reused, as
  42. the actual key is newly generated during the negotiation.
  43. Typically applications should use well know DH parameters that have built-in
  44. support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto()
  45. configure OpenSSL to use the default built-in DH parameters for the B<SSL_CTX>
  46. and B<SSL> objects respectively. Passing a value of 1 in the I<onoff> parameter
  47. switches the feature on, and passing a value of 0 switches it off. The default
  48. setting is off.
  49. If "auto" DH parameters are switched on then the parameters will be selected to
  50. be consistent with the size of the key associated with the server's certificate.
  51. If there is no certificate (e.g. for PSK ciphersuites), then it it will be
  52. consistent with the size of the negotiated symmetric cipher key.
  53. Applications may supply their own DH parameters instead of using the built-in
  54. values. This approach is discouraged and applications should in preference use
  55. the built-in parameter support described above. Applications wishing to supply
  56. their own DH parameters should call SSL_CTX_set0_tmp_dh_pkey() or
  57. SSL_set0_tmp_dh_pkey() to supply the parameters for the B<SSL_CTX> or B<SSL>
  58. respectively. The parameters should be supplied in the I<dhpkey> argument as
  59. an B<EVP_PKEY> containg DH parameters. Ownership of the I<dhpkey> value is
  60. passed to the B<SSL_CTX> or B<SSL> object as a result of this call, and so the
  61. caller should not free it if the function call is succesful.
  62. The deprecated macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do the same
  63. thing as SSL_CTX_set0_tmp_dh_pkey() and SSL_set0_tmp_dh_pkey() except that the
  64. DH parameters are supplied in a B<DH> object instead in the I<dh> argument, and
  65. ownership of the B<DH> object is retained by the application. Applications
  66. should use "auto" parameters instead, or call SSL_CTX_set0_tmp_dh_pkey() or
  67. SSL_set0_tmp_dh_pkey() as appropriate.
  68. An application may instead specify the DH parameters via a callback function
  69. using the functions SSL_CTX_set_tmp_dh_callback() or SSL_set_tmp_dh_callback()
  70. to set the callback for the B<SSL_CTX> or B<SSL> object respectively. These
  71. functions are deprecated. Applications should instead use "auto" parameters, or
  72. specify the parameters via SSL_CTX_set0_tmp_dh_pkey() or SSL_set0_tmp_dh_pkey()
  73. as appropriate.
  74. The callback will be invoked during a connection when DH parameters are
  75. required. The B<SSL> object for the current connection is supplied as an
  76. argument. Previous versions of OpenSSL used the B<is_export> and B<keylength>
  77. arguments to control parameter generation for export and non-export
  78. cipher suites. Modern OpenSSL does not support export ciphersuites and so these
  79. arguments are unused and can be ignored by the callback. The callback should
  80. return the parameters to be used in a DH object. Ownership of the DH object is
  81. retained by the application and should later be freed.
  82. =head1 RETURN VALUES
  83. All of these functions/macros return 1 for success or 0 on error.
  84. =head1 SEE ALSO
  85. L<ssl(7)>, L<SSL_CTX_set_cipher_list(3)>,
  86. L<SSL_CTX_set_options(3)>,
  87. L<openssl-ciphers(1)>, L<openssl-dhparam(1)>
  88. =head1 COPYRIGHT
  89. Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
  90. Licensed under the Apache License 2.0 (the "License"). You may not use
  91. this file except in compliance with the License. You can obtain a copy
  92. in the file LICENSE in the source distribution or at
  93. L<https://www.openssl.org/source/license.html>.
  94. =cut