Chapter 4
SSL Functions
SSL Export Policy Functions
SSL Configuration Functions
SSL Communication Functions
SSL Functions Used by Callbacks
SSL Handshake Functions
NSS Shutdown Function
Deprecated Functions
SSL Initialization Functions
This section describes the initialization functions that are specific to SSL. For a complete list of NSS initialization functions, see Initialization. Note that at least one of the functions listed in SSL Export Policy Functions must also be called during NSS initialization.NSS_Init
NSS_InitReadWrite
NSS_NoDB_Init
SSL_OptionSetDefault
SSL_OptionGetDefault
SSL_CipherPrefSetDefault
SSL_CipherPrefGetDefault
SSL_ClearSessionCache
SSL_ConfigServerSessionIDCache
SSL_ConfigMPServerSIDCache
SSL_InheritMPServerSIDCache
NSS_Init
Sets up configuration files and performs other tasks required to run Network Security Services. Database files are opened read-only.Syntax
#include "nss.h"
SECStatus NSS_Init(char *configdir);
Parameter
This function has the following parameter:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. Use PR_GetErrorto retrieve the error code.
Description
NSS_Init
opens the cert
N.db
, key
N.db
, and secmod.db
files (where N is a numeric digit) in the specified directory. NSS_Init
is not idempotent, so call it only once.
NSS_Init
opens the database files read-only. If you are performing operations that require write permission, for example S/MIME operations such as adding a certificate, use NSS_InitReadWrite
instead.
Before calling NSS_Init
, your program must call PR_Init
.
The policy flags for all cipher suites are turned off by default, disallowing all cipher suites. Therefore, an application cannot use NSS to perform any cryptographic operations until after it enables appropriate cipher suites by calling one of the SSL Export Policy Functions:
-
NSS_SetDomesticPolicy
,NSS_SetExportPolicy
, andNSS_SetFrancePolicy
configure the cipher suites for domestic, international, and French versions of software products with encryption features. -
SSL_CipherPolicySet
sets policy flags for individual cipher suites, one at a time. This may be helpful if you have an export license that permits more or fewer capabilities than those allowed by the other export policy functions.
NSS_InitReadWrite
Sets up configuration files and performs other tasks required to run Network Security Services. UnlikeNSS_Init
, NSS_InitReadWrite
provides both read and write access to database files.
Syntax
#include "nss.h"
SECStatus NSS_InitReadWrite(char *configdir);
Parameter
This function has the following parameter:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. Use PR_GetErrorto retrieve the error code.
Description
NSS_InitReadWrite
opens the cert
N.db
, key
N.db
, and secmod.db
files (where N is a numeric digit) with both read and write permission in the specified directory. NSS_InitReadWrite
is not idempotent, so call it only once.
Use NSS_InitReadWrite
rather than NSS_Init
if you are performing operations that require write permission, such as some S/MIME operations.
Before calling NSS_InitReadWrite
, your program must call PR_Init
.
The policy flags for all cipher suites are turned off by default, disallowing all cipher suites. Therefore, an application cannot use NSS to perform any cryptographic operations until after it enables appropriate cipher suites by calling one of the SSL Export Policy Functions.
NSS_NoDB_Init
Performs tasks required to run Network Security Services without setting up configuration files. Important: This NSS function is not intended for use with SSL, which requires that the certificate and key database files be opened.Syntax
#include "nss.h"
SECStatus NSS_NoDB_Init(char *reserved);
Parameter
This function has the following parameter:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. Use PR_GetErrorto retrieve the error code.
Description
NSS_NoDB_Init
opens only the temporary database and the internal PKCS #112 module. Unlike NSS_Init
, NSS_NoDB_Init
allows applications that do not have access to storage for databases to run raw crypto, hashing, and certificate functions.
NSS_NoDB_Init
is not idempotent, so call it only once.
Before calling NSS_NoDB_Init
, your program must call PR_Init
.
The policy flags for all cipher suites are turned off by default, disallowing all cipher suites. Therefore, an application cannot use NSS to perform any cryptographic operations until after it enables appropriate cipher suites by calling one of the SSL Export Policy Functions.
SSL_OptionSetDefault
Changes the default value of a specified SSL option for all subsequently opened sockets as long as the current application program is running.SSL_OptionSetDefault
replaces the deprecated function SSL_EnableDefault
.
Syntax
#include "ssl.h"
SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
Parameters
This function has the following parameters:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
This function changes the default values for all subsequently opened sockets as long as the current application program is running. This function must be called once for each default value you want to change from the factory setting. To change a value in a socket that is already open, useSSL_OptionSet
.
Keep the following in mind when deciding on the operating parameters you want to use with a particular socket:
- The default values that you set with this function apply only to the current application session. If the application program is terminated and then restarted, any default values that were reset by this function revert to their original values.
-
Turning on
SSL_REQUIRE_CERTIFICATE
has no effect unlessSSL_REQUEST_CERTIFICATE
is also turned on. If you enableSSL_REQUEST_CERTIFICATE
, then you should explicitly enable or disableSSL_REQUIRE_CERTIFICATE
rather than allowing it to default.
Enabling the -
As mentioned in Communication, when an application imports a socket into SSL after the TCP connection on that socket has already been established, it must call
SSL_ResetHandshake
to determine whether the socket is for a client or server. At first glance this may seem unnecessary, sinceSSL_Enable
can setSSL_HANDSHAKE_AS_CLIENT
orSSL_HANDSHAKE_AS_SERVER
. However, these settings control the behavior ofPR_Connect
andPR_Accept
only; if you don't call one of those functions after importing a non-SSL socket withSSL_Import
(as in the case of an already established TCP connection), SSL still needs to know whether the application is functioning as a client or server. For a complete discussion of the use ofSSL_HANDSHAKE_AS_CLIENT
andSSL_HANDSHAKE_AS_SERVER
withSSL_EnableDefault
andSSL_Enable
, see SSL_OptionSet. - The SSL protocol is defined to be able to handle simultaneous two-way communication between applications at each end of an SSL connection. Two-way simultaneous communication is also known as "Full Duplex", abbreviated FDX. However, most application protocols that use SSL are not two-way simultaneous, but two-way alternate, also known as "Half Dupled"; that is, each end takes turns sending, and each end is either sending, or receiving, but not both at the same time. For an application to do full duplex, it would typically have two threads sharing the socket; one doing all the reading and the other doing all the writing. The
-
SSL_V2_COMPATIBLE_HELLO
tells the SSL library whether or not to send SSL3 client hello messages in SSL2-compatible format. If an SSL3 client hello message is sent to a server that only understands SSL2 and not SSL3, then the server will interpret the SSL3 client hello as a very large message, and the connection will usually seem to "hang" while the SSL2 server expects more data that will never arrive. For this reason, the SSL3 spec allows SSL3 client hellos to be sent in SSL2 format, and it recommends that SSL3 servers all accept SSL3 client hellos in SSL2 format. When an SSL2-only server receives an SSL3 client hello in SSL2 format, it can (and probably will) negotiate the protocol version correctly, not causing a "hang".
Some applications may wish to force SSL3 client hellos to be sent in SSL3 format, not in SSL2-compatible format. They might wish to do this if they knew, somehow, that the server does not understand SSL2-compatible client hello messages.
Note that calling -
The options
SSL_ENABLE_SSL2
,SSL_ENABLE_SSL3
, andSSL_ENABLE_TLS
can each be set toPR_TRUE
orPR_FALSE
independently of each other. NSS 2.8 will negotiate the higest protocol version with the peer application from among the set of protocols that are commonly enabled in both applications.
Note that SSL3 and TLS share the same set of cipher suites. When both SSL3 and TLS are enabled, all SSL3/TLS ciphersuites that are enabled are enabled for both SSL3 and TLS.
SSL_REQUIRE_CERTIFICATE
option is not recommended. If the client has no certificate and this option is enabled, the client's connection terminates with an error. The user is likely to think something is wrong with either the client or the server, and is unlikely to realize that the problem is the lack of a certificate. It is better to allow the SSL handshake to complete and then have your application return an error message to the client that informs the user of the need for a certificate.SSL_ENABLE_FDX
option tells the SSL library whether the application will have two threads, one reading and one writing, or just one thread doing reads and writes alternately.SSL_Enable
to set SSL_V2_COMPATIBLE_HELLO
to PR_FALSE
implicitly also sets the SSL_ENABLE_SSL2
option to PR_FALSE
for that SSL socket. Calling SSL_EnableDefault
to change the application default setting for SSL_V2_COMPATIBLE_HELLO
to PR_FALSE
implicitly also sets the default value for SSL_ENABLE_SSL2
option to PR_FALSE
for that application.SSL_OptionGetDefault
Gets the value of a specified SSL default option.SSL_OptionGetDefault
is the complementary function for SSL_OptionSetDefault
.
Syntax
#include "ssl.h"
SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on)
Parameters
This function has the parameters listed below.Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain error code.
Description
SSL_CipherPrefGetDefault
gets the application default preference for the specified SSL2, SSL3, or TLS cipher A cipher suite is used only if the policy allows it and the preference for it is set to PR_TRUE
.
SSL_CipherPrefSetDefault
Enables or disables SSL2 or SSL3 cipher suites (subject to which cipher suites are permitted or disallowed by previous calls to one or more of the SSL Export Policy Functions). This function must be called once for each cipher you want to enable or disable by default.Syntax
#include "ssl.h"
SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);
Parameters
This function has the following parameters:One of the following values for SSL2 (factory settings for all are enabled): | |
If nonzero, the specified cipher is enabled. If zero, the cipher is disabled. |
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
The CipherPrefSetDefault function enables or disables individual cipher suites globally. You typically call this in response to changes in user-controlled settings. You must call this function once for each cipher you want to enable or disable. To enable or disable cipher suites for an individual socket, useSSL_CipherPrefSet
.
The set of available SSL cipher suites may grow from release to release of NSS. Applications will find it desirable to determine, at run time, what SSL2 cipher kinds and SSL3 cipher suites are actually implememted in a particular release. Applications may disable any cipher suites that they don't know about (for example, that they cannot present to the user via a GUI). To that end, NSS provides a table that can be examined at run time. All aspects of this table are declared in ssl.h
.
SSL_ImplementedCiphers[]
is an external array of unsigned 16-bit integers whose values are either SSL2 cipher kinds or SSL3 cipher suites. The values are the same as the values used to enable or disable a cipher suite via calls to SSL_CipherPrefSetDefault
, and are defined in sslproto.h
. The number of values in the table is contained in an external 16-bit integer named SSL_NumImplementedCiphers
. The macro SSL_IS_SSL2_CIPHER
can be used to determine whether a particular value is an SSL2 or an SSL3 cipher.
By default, all SSL2 and 12 SSL3/TLS cipher suites are enabled. However, this does not necessarily mean that they are all permitted. The SSL_CipherPrefSetDefault
function cannot override cipher suite policy settings that are not permitted; see SSL Export Policy Functions for details. Your application must call one of the export policy functions before it can perform any cryptographic operations.
The TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
and TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
cipher suites are defined in RFC 2246. They work with both SSL3 and TLS. They use symmetric ciphers with an effective key size of 56 bits. The so-called 56-bit export browsers and servers use these cipher suites.
The cipher suite numbers for the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
and SSL_RSA_FIPS_WITH_DES_CBC_SHA
cipher suites have been changed so that they are no longer "experimental" values. If an application attempts to set or set the policy or preference for one of the old FIPS cipher suite numbers, the library recognizes the old number and sets or gets the value for the new cipher suite number instead.
In this release, the three SSL_FORTEZZA_
cipher suites cannot be enabled unless there is a PKCS #11 module available with a FORTEZZA-enabled token. The SSL_FORTEZZA_
cipher suites will be removed in NSS 3.11.
SSL_CipherPrefGetDefault
Gets the current default preference setting for a specified SSL2 or SSL3 cipher suite.Syntax
#include "ssl.h"
SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool *enabled);
Parameters
This function has the parameters listed below.
The cipher suite whose default preference setting you want to get. For a list of the cipher suites you can specify, see | |
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain error code.
Description
SSL_CipherPrefGetDefault
performs the complementary function to SSL_CipherPrefSetDefault
. It returns the application process' current default preference value for the specified cipher suite. If the application has not previously set the default preference, SSL_CipherPrefGetDefault
returns the factory setting.
SSL_ClearSessionCache
Empties the SSL client session ID cache.Syntax
#include "ssl.h"
void SSL_ClearSessionCache(void);
Description
You must callSSL_ClearSessionCache
after you use one of the SSL Export Policy Functions to change cipher suite policy settings or use SSL_CipherPrefSetDefault
to enable or disable any cipher suite. Otherwise, the old settings remain in the session cache and will be used instead of the new settings.
This function clears only the client cache. The client cache is not configurable. It is located in RAM (not on disk), and has the following characteristics:
- maximum number of entries: unlimited
- SSL 2.0 timeout value: 100 seconds
- SSL 3.0 timeout value: 24 hours
SSL_ConfigServerSessionIDCache
Sets up parameters for and opens the server session cache for a single-process application.Syntax
#include "ssl.h"
SECStatus SSL_ConfigServerSessionIDCache(
int maxCacheEntries,
PRUint32 timeout,
PRUint32 ssl3_timeout,
const char *directory);
Parameters
This function has the parameters listed below.Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain error code.
Description
If you are writing an application that will use SSL sockets that handshake as a server, you must callSSL_ConfigServerSessionIDCache
to configure
additional session caches for server sessions. If your server application uses
multiple processes (instead of or in addition to multiple threads), use
SSL_ConfigMPServerSIDCache
instead. You must use one of these functions
to create a server cache.
This function creates two caches: the server session ID cache (also called the server session cache, or server cache), and the client-auth certificate cache (also called the client cert cache, or client auth cache). Both caches are used only for sessions where the program handshakes as a server. The client-auth certificate cache is used to remember the certificates previously presented by clients for client certificate authentication.
Passing a NULL
value or a value that is out of range for any of the parameters
causes the server default value to be used in the server cache. The values that
you pass affect only the server cache, not the client cache.
Initializing Multi-Processing with a Shared SSL Server Cache
To start a multi-processing application, the initial parent process callsSSL_ConfigMPServerSIDCache
, and then creates child processes, by one of these methods:
-
Call
fork
and thenexec
(Unix) -
Call
CreateProcess
(Win32) -
Call
PR_CreateProcess
(both Unix and Win32)
CreateProcess
takes an argument that tells it whether or not to permit files to be inherited; this argument must be TRUE
.
When a new child that has been created by either CreateProcess
or exec
begins, it may have inherited file descriptors (FDs), but not the parent's memory. Therefore, to find out what FDs it has inherited, it must be told about them. To that end, the function SSL_ConfigMPServerSIDCache
sets an environment variable named SSL_INHERITANCE
. The value of the variable is a printable ASCII string, containing all the information needed to set up and use the inherited FDs.
There are two ways to transfer the content of SSL_INHERITANCE
from parent to child:
-
The child inherits the parent's environment, which must include the
SSL_INHERITANCE
variable. For the child to inherit the parent's environment you must set a specific argument toCreateProcess
orPR_CreateProcess
. -
The parent transmits the content of
SSL_INHERITANCE
to the child by some other means, such as on the command line, or in another file or pipe.
SSL_InheritMPServerSIDCache
to complete the inheritance of the shared cache FDs/handles.
SSL_ConfigMPServerSIDCache
Sets up parameters for and opens the server session cache for a multi-process application.Syntax
#include "ssl.h"
SECStatus SSL_ConfigMPServerSIDCache(
int maxCacheEntries,
PRUint32 timeout,
PRUint32 ssl3_timeout,
const char *directory);
Parameters
This function has the parameters listed below.Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain error code.
Description
This function is identical toSSL_ConfigServerSessionIDCache
, except that it is for use with applications that use multiple processes. You must use one or the other of these functions to create a server cache, not both.
If your application will use multiple processes (instead of, or in addition to, multiple threads), and all of the processes appear to be on the same server (same IP address and port number), then those processes must share a common SSL session cache. The common parent of all the processes must call this function to create the cache before creating the other processes.
An application uses multiple processes only if it uses the Unix function fork
, or the Win32 function CreateProcess
. This is not the same as using multiple threads or multiple processors. Note that an SSL server that uses Fortezza hardware devices is limited to a single process. It can use multiple threads, and thereby make use of multiple processors, but this must all be done from a single process.
This function creates two caches: the server session ID cache (also called the server session cache, or server cache), and the client-auth certificate cache (also called the client cert cache, or client auth cache). Both caches are used only for sessions where the program handshakes as a server. The client-auth certificate cache is used to remember the certificates previously presented by clients for client certificate authentication.
Passing a NULL
value or a value that is out of range for any of the parameters
causes the server default value to be used in the server cache. The values that
you pass affect only the server cache, not the client cache.
Before the cache can be used in the child process, the child process must complete its initialization using SSL_InheritMPServerSIDCache
.
SSL_InheritMPServerSIDCache
Ensures the inheritance of file descriptors to a child process.Syntax
#include "ssl.h"
SECStatus SSL_InheritMPServerSIDCache (const char *envString);
Parameters
This function has the following parameter:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
This function completes the inheritance of file descriptors from a parent to a child process. After the child process is created, it must call this function to complete its initialization. The value of theenvString
argument depends on which of the two possible inheritance schemes you have used. (See Initializing Multi-Processing with a Shared SSL Server Cache.)
-
If the
SSL_INHERITANCE
variable has been inherited as part of the child's environment, the child must pass aNULL
pointer as theenvString
argument. This causes the function to look in the environment for the variable. -
If the parent has transmitted the value of the
SSL_INHERITANCE
variable to the child by some other means, the child must pass a pointer to that string as theenvString
argument to complete the inheritance.
SECSuccess
, the server cache is ready to be used by the SSL code.
SSL Export Policy Functions
The SSL export policy functions determine which cipher suites are permitted for use in an SSL session. They do not determine which cipher suites are actually enabled--that is, turned on and ready to use. To enable or disable a permitted cipher suite, useSSL_CipherPrefSetDefault
; but bear in mind that SSL_CipherPrefSetDefault
can't enable any cipher suite that is not explicitly permitted as a result of a call to one of the export policy functions.
By default, none of the cipher suites supported by SSL are permitted. The functions NSS_SetDomesticPolicy
, NSS_SetExportPolicy
, and NSS_SetFrancePolicy
permit the use of approved cipher suites for domestic, international, and French versions, respectively, of software products with encryption features. The policy settings permitted by these functions conform with current U.S. export regulations as understood by Netscape (for products with and without "retail status" as defined by the latest U.S. Export Regulations) and French import regulations.
Under some circumstances, you may be required to abide by the terms of an export license that permits more or fewer capabilities than those allowed by these three functions. In such cases, use SSL_CipherPolicySet
to explicitly enable those cipher suites you may legally export.
For descriptions of cipher suites supported by SSL, see Introduction to SSL.
Applications must call one of the export policy functions before attempting to perform any cryptographic operations:
NSS_SetDomesticPolicy
NSS_SetExportPolicy
NSS_SetFrancePolicy
SSL_CipherPolicySet
The following function is also described in this section:
SSL_CipherPolicyGet
NSS_SetDomesticPolicy
Configures cipher suites to conform with current U.S. export regulations related to domestic software products with encryption features.Syntax
#include "ssl.h"
extern SECStatus NSS_SetDomesticPolicy(void);
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful, returns
SECFailure
. UsePR_GetError
to obtain the error code.
Description
NSS_SetDomesticPolicy
configures all the cipher suites listed under SSL_CipherPolicySet
for software that is not intended for export, and is thus not required to conform with U.S. export regulations related to domestic software products with encryption features. After calling this function, all cipher suites listed are permitted (but not necessarily enabled; see SSL Export Policy Functions) for the calling application.
When an SSL connection is established, SSL permits the use of the strongest cipher suites that are both permitted and enabled for the software on both ends of the connection. For example, if a client that has called NSS_SetDomesticPolicy
establishes an SSL connection with a server for which some cipher suites are either not permitted or not enabled (such as an international version of Netscape server software), SSL uses the strongest cipher suites supported by the server that are also supported by the client.
Under some circumstances, you may be required to abide by the terms of an export license that permits more or fewer capabilities than those allowed by NSS_SetDomesticPolicy
. In that case, first call NSS_SetDomesticPolicy
, NSS_SetExportPolicy
, or NSS_SetFrancePolicy
, then call SSL_CipherPolicySet
repeatedly to explicitly allow or disallow cipher suites until only those that you may legally export are permitted.
Important
If you callNSS_SetDomesticPolicy
sometime after initialization to change
cipher suite policy settings, you must also call SSL_ClearSessionCache
.
Otherwise, the old settings remain in the session cache and will be used instead
of the new settings.
NSS_SetExportPolicy
Configures the SSL cipher suites to conform with current U.S. export regulations related to international software products with encryption features.Syntax
#include "ssl.h"
extern SECStatus NSS_SetExportPolicy(void);
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful, returns
SECFailure
. UsePR_GetError
to obtain the error code.
Description
NSS_SetExportPolicy
configures all the cipher suites listed under SSL_CipherPolicySet
to conform with current U.S. export regulations related to international software products with encryption features (as Netscape understands them). Calling this function permits use of cipher suites listed below (but doesn't necessarily enable them; see SSL Export Policy Functions). Policy for these suites is set to SSL_ALLOWED
unless otherwise indicated. SSL_RESTRICTED
means the suite can be used by clients only when they are communicating with domestic server software or with international server software that presents a Global ID certificate. For more details on policy settings, see SSL_CipherPolicySet
.
For SSL 2.0:
For SSL 3.0:
-
SSL_RSA_WITH_NULL_MD5
-
SSL_RSA_WITH_RC4_128_MD5 (SSL_RESTRICTED)
-
SSL_RSA_WITH_3DES_EDE_CBC_SHA (SSL_RESTRICTED)
-
SSL_RSA_EXPORT_WITH_RC4_40_MD5
-
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
NSS_SetExportPolicy
. In that case, you should first call NSS_SetDomesticPolicy
, NSS_SetExportPolicy
, or NSS_SetFrancePolicy
, then call SSL_CipherPolicySet
repeatedly to explicitly allow or disallow cipher suites until only those that you may legally export are permitted.
Important
If you callNSS_SetExportPolicy
sometime after initialization to change
cipher suite policy settings, you must also call SSL_ClearSessionCache
.
Otherwise, the old settings remain in the session cache and will be used instead
of the new settings.
NSS_SetFrancePolicy
Configures the SSL cipher suites to conform with French import regulations related to software products with encryption features.Syntax
#include "ssl.h"
SECStatus NSS_SetFrancePolicy(void);
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful, returns
SECFailure
. UsePR_GetError
to obtain the error code.
Description
NSS_SetFrancePolicy
configures all the cipher suites listed under SSL_CipherPolicySet
to conform with current U.S. export regulations and French import regulations (as Netscape understands them) related to software products with encryption features. Calling this function permits use of cipher suites listed below (but doesn't necessarily enable them; see SSL Export Policy Functions). Policy for these suites is set to SSL_ALLOWED
. For more details on policy settings, see SSL_CipherPolicySet
.
For SSL 2.0:
For SSL 3.0:
Under some circumstances, you may be required to abide by the terms of an export license that permits more or fewer capabilities than those allowed by NSS_SetFrancePolicy
. In that case, you should first call NSS_SetDomesticPolicy
, NSS_SetExportPolicy
, or NSS_SetFrancePolicy
, then call SSL_CipherPolicySet
repeatedly to explicitly allow or disallow cipher suites until only those that you may legally export are permitted.
Important
If you callNSS_SetFrancePolicy
sometime after initialization to change
cipher suite policy settings, you must also call SSL_ClearSessionCache
.
Otherwise, the old settings remain in the session cache and will be used instead
of the new settings.
SSL_CipherPolicySet
Sets policy for the use of individual cipher suites.SSL_CipherPolicySet
replaces the deprecated function SSL_SetPolicy
.
Syntax
#include "ssl.h"
#include "proto.h"
SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
Parameters
This function has the following parameters:
A value from one of the following lists. Values for SSL2 (all are disallowed by default): | |
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
SSL_CipherPolicySet
tells the SSL library that the specified cipher suite is allowed by the application's export license, or is not allowed by the application's export license, or is allowed to be used only with a Step-Up certificate. It overrides the factory default policy for that cipher suite. The default policy for all cipher suites is SSL_NOT_ALLOWED
, meaning that the application's export license does not approve the use of this cipher suite. A U.S. "domestic" version of a product typically sets all cipher suites to SSL_ALLOWED
. This setting is used to separate export and domestic versions of a product, and is not intended to express user cipher preferences. This setting affects all SSL sockets in the application process that are opened after a call to SSL_CipherPolicySet
.
Under some circumstances, you may be required to abide by the terms of an export license that permits more or fewer capabilities than those allowed by NSS_SetDomesticPolicy
, NSS_SetExportPolicy
, or NSS_SetFrancePolicy
. In that case, first call NSS_SetDomesticPolicy
, NSS_SetExportPolicy
, or NSS_SetFrancePolicy
, then call SSL_CipherPolicySet
repeatedly to explicitly allow or disallow cipher suites until only those that you may legally export are permitted.
In a domestic US product, all the cipher suites are (presently) allowed. In an export client product, some cipher suites are always allowed (such as those with 40-bit keys), some are never allowed (such as triple-DES), and some are allowed (such as RC4_128) for use with approved servers, typically servers owned by banks with special Global ID certificates. (For details, see NSS_SetExportPolicy
and NSS_SetFrancePolicy
.) When an SSL connection is established, SSL uses only cipher suites that have previously been explicitly permitted by a call to one of the SSL export policy functions.
Note that the value SSL_RESTRICTED
(passed in the policy
parameter) is currently used only by SSL clients, which can use it to set policy for connections with servers that have SSL step-up certificates.
Important
If you callSSL_CipherPolicySet
sometime after initialization to change
cipher suite policy settings, you must also call SSL_ClearSessionCache
.
Otherwise, the old settings remain in the session cache and will be used instead
of the new settings.
See Also
Permitting a cipher suite is not necessarily the same as enabling it. For details, see SSL Export Policy Functions. For descriptions of cipher suites supported by SSL, see Introduction to SSL.SSL_CipherPolicyGet
Gets the current policy setting for a specified cipher suite.SSL_CipherPolicyGet
is the complementary function for SSL_CipherPolicySet
.
Syntax
#include "ssl.h"
#include "proto.h"
SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
Parameters
This function has the following parameters:
A value identifying a cipher suite. For a list of possible values, see | |
Description
See the description above forSSL_CipherPolicySet
.
SSL Configuration Functions
SSL configuration involves several NSPR functions in addition to the SSL functions listed here. For a complete list of configuration functions, see Configuration. SSL ConfigurationCallback Configuration
SSL Configuration
SSL_ImportFD
SSL_OptionSet
SSL_OptionGet
SSL_CipherPrefSet
SSL_CipherPrefGet
SSL_ConfigSecureServer
SSL_SetURL
SSL_SetPKCS11PinArg
SSL_ImportFD
Imports an existing NSPR file descriptor into SSL and returns a new SSL socket.Syntax
#include "ssl.h"
PRFileDesc *SSL_ImportFD(
PRFileDesc *model,
PRFileDesc *fd);
Parameters
This function has the following parameters:Returns
The function returns one of these values:Description
Any SSL function that takes a pointer to a file descriptor (socket) as a parameter will have no effect (even though the SSL function may returnSECSuccess
) if the socket is not an SSL socket. Sockets do not automatically become secure SSL sockets when they are created by the NSPR functions. You must pass an NSPR socket's file descriptor to SSL_ImportFD
to make it an SSL socket before you call any other SSL function that takes the socket's file descriptor as a parameter
SSL_ImportFD
imports an existing NSPR file descriptor into SSL and returns a new SSL socket file descriptor. If the model
parameter is not NULL
, the configuration of the new file descriptor is copied from the model. If the model
parameter is NULL
, then the default SSL configuration is used.
The new file descriptor returned by SSL_ImportFD
is not necessarily equal to the original NSPR file descriptor. If, after calling SSL_ImportFD
, the file descriptors are not equal, you should perform all operations on the new PRFileDesc
structure, never the old one. Even when it's time to close the file descriptor, always close the new PRFileDesc
structure, never the old one.
SSL_OptionSet
Sets a single configuration parameter of a specified socket. Call once for each parameter you want to change.SSL_OptionSet
replaces the deprecated function SSL_Enable
.
Syntax
#include "ssl.h"
SECStatus SSL_OptionSet(
PRFileDesc *fd,
PRInt32 option,
PRBool on);
Parameters
This function has the following parameters:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful, returns
SECFailure
. UsePR_GetError
to obtain the error code.
Description
Keep the following in mind when deciding on the operating parameters you want to use with a particular socket:-
The SSL protocol is defined to be able to handle simultaneous two-way communication between applications at each end of an SSL connection. Two-way simultaneous communication is also known as "Full Duplex", abbreviated FDX. However, most application protocols that use SSL are not two-way simultaneous, but two-way alternate, also known as "Half Dupled"; that is, each end takes turns sending, and each end is either sending, or receiving, but not both at the same time.
For an application to do full duplex, it would have two threads sharing the socket; one doing all the reading and the other doing all the writing.
The
SSL_ENABLE_FDX
option tells the SSL library whether the application will have two threads, one reading and one writing, or just one thread doing reads and writes alternately. - If an SSL3 client hello message is sent to a server that only understands SSL2 and not SSL3, then the server will interpret the SSL3 client hello as a very large message, and the connection will usually seem to "hang" while the SSL2 server expects more data that will never arrive. For this reason, the SSL3 spec allows SSL3 client hellos to be sent in SSL2 format, and it recommends that SSL3 servers all accept SSL3 client hellos in SSL2 format. When an SSL2-only server receives an SSL3 client hello in SSL2 format, it can (and probably will) negotiate the protocol version correctly, not causing a "hang". Some applications may wish to force SSL3 client hellos to be sent in SSL3 format, not in SSL2-compatible format. They might wish to do this if they knew, somehow, that the server does not understand SSL2-compatible client hello messages.
-
The options
SSL_ENABLE_SSL2
,SSL_ENABLE_SSL3
, andSSL_ENABLE_TLS
can each be set toPR_TRUE
orPR_FALSE
independently of each other. NSS 2.8 and later versions will negotiate the highest protocol version with the peer application from among the set of protocols that are commonly enabled in both applications.
Note that SSL3 and TLS share the same set of cipher suites. When both SSL3 and TLS are enabled, all SSL3/TLS cipher suites that are enabled are enabled for both SSL3 and TLS.
SSL_V2_COMPATIBLE_HELLO
tells the SSL library whether or not to send SSL3 client hello messages in SSL2-compatible format. Note that calling SSL_OptionSet
to set SSL_V2_COMPATIBLE_HELLO
to PR_FALSE
implicitly also sets the SSL_ENABLE_SSL2
option to PR_FALSE
for that SSL socket. Calling SSL_EnableDefault
to change the application default setting for SSL_V2_COMPATIBLE_HELLO
to PR_FALSE
implicitly also sets the default value for SSL_ENABLE_SSL2
option to PR_FALSE
for that application.
SSL_ResetHandshake
to indicate whether the socket is for a client or server. At first glance this may seem unnecessary, since SSL_OptionSet
can set SSL_HANDSHAKE_AS_CLIENT
or SSL_HANDSHAKE_AS_SERVER
. However, these settings control the behavior of PR_Connect
and PR_Accept
only; if you don't call one of those functions after importing a non-SSL socket with SSL_Import
(as in the case of an already established TCP connection), SSL still needs to know whether the application is functioning as a client or server.
If a socket file descriptor is imported as an SSL socket before it is connected, it is implicitly configured to handshake as a client or handshake as a server when the connection is made. If the application calls PR_Connect
(connecting as a TCP client), then the SSL socket is (by default) configured to handshake as an SSL client. If the application calls PR_Accept
(connecting the socket as a TCP server) then the SSL socket is (by default) configured to handshake as an SSL server. SSL_HANDSHAKE_AS_CLIENT
and SSL_HANDSHAKE_AS_SERVER
control this implicit configuration.
Both SSL_HANDSHAKE_AS_CLIENT
and SSL_HANDSHAKE_AS_SERVER
are initially set to off--that is, the process default for both values is PR_FALSE
when the process begins. The process default can be changed from the initial values by using SSL_EnableDefault
, and the value for a particular socket can be changed by using SSL_OptionSet
.
When you import a new SSL socket with SSL_ImportFD
using a model file descriptor, the new SSL socket inherits its values for SSL_HANDSHAKE_AS_CLIENT
and SSL_HANDSHAKE_AS_SERVER
from the model file descriptor.
When PR_Accept
accepts a new connection from a listen file descriptor and creates a new file descriptor for the new connection, the listen file descriptor also acts as a model for the new file descriptor, and the new file descriptor inherits its values from the model.
SSL_HANDSHAKE_AS_CLIENT
and SSL_HANDSHAKE_AS_SERVER
cannot both be turned on simultaneously. If you use SSL_OptionSet
to turn one of these on when the other one is already turned on for a particular socket, the function returns with the error code set to SEC_ERROR_INVALID_ARGS
. Likewise, using SSL_EnableDefault
to turn on the global default for one of these when the global default for the other one is already turned for a particular socket generates the same error. However, there is no good reason for these to be mutually exclusive. This restirction will be removed in future releases.
If a socket that is already connected gets imported into SSL after it has been connected (that is, after PR_Accept
or PR_Connect
has returned), then no implicit SSL handshake configuration as a client or server will have been done by PR_Connect
or PR_Accept
on that socket. In this case, a call to SSL_ResetHandshake
is required to explicitly configure the socket to handshake as a client or as a server. If SSL_ResetHandshake
is not called to explicitly configure the socket handshake, a crash is likely to occur when the first I/O operation is done on the socket after it is imported into SSL.
SSL_OptionGet
SSL_OptionGet
gets the value of a specified SSL option on a specified SSL socket.
Syntax
#include "ssl.h"
SECStatus SSL_OptionGet(
PRFileDesc *fd,
PRInt32 option,
PRBool *on);
Parameters
This function has the following parameters:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful, returns
SECFailure
. UsePR_GetError
to obtain the error code.
Description
See the description above forSSL_OptionSet
.
SSL_CipherPrefSet
SSL_CipherPrefSet
specifies the use of a specified cipher suite on a specified SSL socket.
Syntax
#include "ssl.h"
#include "proto.h"
SECStatus SSL_CipherPrefSet(
PRFileDesc *fd,
PRInt32 cipher,
PRBool enabled);
Parameters
This function has the following parameters:One of the following values for SSL2 (all are enabled by default): | |
If nonzero, the specified cipher is enabled. If zero, the cipher is disabled. |
Description
SSL_CipherPrefSet
is a new function in NSS 2.6 and later. It allows the application to set the user preferences for cipher suites on an individual socket, overriding the default value for the preference (which can be set with SSL_CipherPrefSetDefault
). If an application needs to set the cipher preferences on an individual socket, it should do so before initiating an SSL handshake, not during an SSL handshake.
For more information on the use of the TLS and FIPS cipher suites, see SSL_CipherPrefSetDefault
.
SSL_CipherPrefGet
Gets the current preference setting for a specified SSL2 or SSL3 cipher suite.Syntax
#include "ssl.h"
#include "proto.h"
SECStatus SSL_CipherPrefGet(
PRFileDesc *fd,
PRInt32 cipher,
PRBool *enabled);
Parameters
This function has the parameters listed below.
The cipher suite whose default preference setting you want to get. For a list of the cipher suites you can specify, see | |
Description
SSL_CipherPrefGet
performs the complementary function to SSL_CipherPrefSet
. It returns the current preference setting for the SSL cipher suite for the socket. If the application has not previously set the cipher preference for this cipher on this socket, the value will be either the process default value or the value inherited from a listen socket or a model socket.
SSL_ConfigSecureServer
Configures a listen socket with the information needed to handshake as an SSL server.SSL_ConfigSecureServer
requires the certificate for the server and the server's private key. The arguments are copied.
Syntax
#include "ssl.h"
SECStatus SSL_ConfigSecureServer(
PRFileDesc *fd,
CERTCertificate *cert,
SECKEYPrivateKey *key,
SSLKEAType keaType);
Parameters
This function has the following parameters:Key exchange type for use with specified certificate and key. These values are currently valid: |
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
Before SSL can handshake as a server on a socket, it must be configured to do so with a call to SSL_ConfigSecureServer (among other things). This function configures a listen socket. Child sockets created byPR_Accept
inherit the configuration.
Servers can be configured with more than one certificate for a given port, and different certificates can support different key-exchange algorithms. To find out what key-exchange algorithm a particular certificate supports, pass the certificate structure to NSS_FindCertKEAType
. You can then pass the SSLKEAType
value returned by NSS_FindCertKEAType
in the keaType
parameter of SSL_ConfigSecureServer
. The server uses the specified key-exchange algorithm with the specified certificate and key.
When the keaType
is kt_rsa
, this function generates a step-down key that is supplied as part of the handshake if needed. (A step-down key is needed when the server's public key is stronger than is allowed for export ciphers.) In this case, if the server is expected to continue running for a long time, you should call this function periodically (once a day, for example) to generate a new step-down key.
SSL makes and keeps internal copies (or increments the reference counts, as appropriate) of certificate and key structures. The application should destroy its copies when it has no further use for them by calling CERT_DestroyCertificate
and SECKEY_DestroyPrivateKey
.
SSL_SetURL
Sets the domain name of the intended server in the client's SSL socket.Syntax
#include "ssl.h"
int SSL_SetURL(
PRFileDesc *fd,
char *url);
Parameters
This function has the following parameters:A pointer to a string specifying the desired server's domain name. |
Returns
The function returns one of the following values:- If successful, zero.
-
If unsuccessful,
-1
. UsePR_GetError
to obtain the error code.
Description
The client application's certificate authentication callback function needs to compare the domain name in the server's certificate against the domain name of the server the client was attempting to contact. This step is vital because it is the client's only protection against a man-in-the-middle attack. The client application usesSSL_SetURL
to set the domain name of the desired server before performing the first SSL handshake. The client application's certificate authentication callback function gets this string by calling SSL_RevealURL
.
SSL_SetPKCS11PinArg
Sets the argument passed to the password callback function specified by a call toPK11_SetPasswordFunc
.
Syntax
#include "ssl.h"
int SSL_SetPKCS11PinArg(PRFileDesc *fd, void *a);
Parameters
This function has the following parameters:Returns
The function returns one of the following values:- If successful, zero.
-
If unsuccessful,
-1
. UsePR_GetError
to obtain the error code.
Description
During the course of an SSL operation, it may be necessary for the user to log in to a PKCS #11 token (either a smart card or soft token) to access protected information, such as a private key. Such information is protected with a password that can be retrieved by calling an application-supplied callback function. The callback function is specified in a call toPK11_SetPasswordFunc
that takes place during NSS initialization.
Several functions in the NSS libraries use the password callback function to obtain the password before performing operations that involve the protected information. When NSS libraries call the password callback function, the value they pass in as the third parameter is the value of the a
argument to PK11_SetPKCS11PinArg
. The third parameter to the password callback function is application-defined and can be used for any purpose. For example, Communicator uses the parameter to pass information about which window is associated with the modal dialog box requesting the password from the user.
You can obtain the PIN argument by calling SSL_RevealPinArg
.
Callback Configuration
At the beginning of an SSL application, it is often necessary to set up callback functions for the SSL API to use when it needs to call the application. These functions are used to request authentication information from the application or to inform the application when a handshake is completed.SSL_AuthCertificateHook
SSL_AuthCertificate
SSL_BadCertHook
SSL_GetClientAuthDataHook
NSS_GetClientAuthData
SSL_HandshakeCallback
Setting up the callback functions described in this section may be optional for some applications. However, all applications must use PK11_SetPasswordFunc
to set up the password callback function during NSS initialization.
For examples of the callback functions listed here, see Chapter 2, "Getting Started With SSL."
SSL_AuthCertificateHook
Specifies a certificate authentication callback function called to authenticate an incoming certificate.Syntax
#include "ssl.h"
SECStatus SSL_AuthCertificateHook(
PRFileDesc *fd,
SSLAuthCertificate f,
void *arg);
Parameters
This function has the following parameters:Returns
The function returns one of the following values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
The callback function set up bySSL_AuthCertificateHook
is called to authenticate an incoming certificate. If the checksig
parameter is set to PR_TRUE
, the callback function also verifies the digital signature.
NOTE: If you do not callThe callback function has the following prototype:SSL_AuthCertificateHook
to supply a certificate authentication callback function, SSL uses the default callback function,SSL_AuthCertificate
.
typedef SECStatus (*SSLAuthCertificate) (This callback function has the following parameters:
void *arg,
PRFileDesc *fd,
PRBool checksig,
PRBool isServer);
-
If authentication is successful,
SECSuccess
. -
If authentication is not successful,
SECFailure
. If the callback returnsSECFailure
, the callback should indicate the reason for the failure (if possible) by callingPR_GetError
with the appropriate error code.
SSL_PeerCertificate
.
If isServer
is false, the callback should also check that the domain name in the remote server's certificate matches the desired domain name specified in a previous call to SSL_SetURL
. To obtain that domain name, the callback calls SSL_RevealURL
.
The callback may need to call one or more PK11 functions to obtain the services of a PKCS #11 module. Some of the PK11 functions require a PIN argument (see SSL_SetPKCS11PinArg
for details). To obtain the value that was set with SSL_SetPKCS11PinArg
, the callback calls SSL_RevealPinArg
.
If the callback returns SECFailure
, the SSL connection is terminated immediately unless the application has supplied a bad-certificate callback function by having previously called SSL_BadCertHook
. A bad-certificate callback function gives the application the opportunity to choose to accept the certificate as authentic and authorized even though it failed the check performed by the certificate authentication callback function.
See Also
For examples of certificate authentication callback functions, see the sample code referenced from Chapter 2, "Getting Started With SSL."SSL_AuthCertificate
Default callback function used to authenticate certificates received from the remote end of an SSL connection if the application has not previously calledSSL_AuthCertificateHook
to specify its own certificate authentication callback function.
Syntax
#include "ssl.h"
SECStatus SSL_AuthCertificate(
void *arg,
PRFileDesc *fd,
PRBool checksig,
PRBool isServer);
Parameters
This function has the following parameters:Returns
The function returns one of these values:Description
SSL callsSSL_AuthCertificate
by default (if no other callback function is provided) to authenticate an incoming certificate. If the checksig
parameter is set to PR_TRUE
(which is normally the case), the function also verifies the digital signature and the certificate chain.
If the socket is a client socket, SSL_AuthCertificate
tests the domain name in the SSL socket against the domain name in the server certificate's subject DN:
- If the domain name in the SSL socket doesn't match the domain name in the server certificate's subject DN, the function fails.
-
If the SSL socket has not had a domain name set (that is, if
SSL_SetURL
has not been called) or its domain name is set to an empty string, the function fails.
client.c
sample in the SSLsample directory in the NSS source tree is functionally identical to the implementation of SSL_AuthCertificate
.
SSL_BadCertHook
Sets up a callback function to deal with a situation where theSSL_AuthCertificate
callback function has failed. This callback function allows the application to override the decision made by the certificate authorization callback and authorize the certificate for use in the SSL connection.
Syntax
#include "ssl.h"
SECStatus SSL_BadCertHook(
PRFileDesc *fd,
SSLBadCertHandler f,
void *arg);
Parameters
This function has the following parameters:
A pointer supplied by the application that can be used to pass state information. Can be |
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
The bad-certificate callback function gives the program an opportunity to do something (for example, log the attempt or authorize the certificate) when certificate authentication is not successful. If such a callback function is not provided by the application, the SSL connection simply fails when certificate authentication is not successful. The callback function set up bySSL_BadCertHook
has the following prototype:
typedef SECStatus (*SSLBadCertHandler)(This callback function has the following parameters:
void *arg,
PRFileDesc *fd);
-
SECSuccess
: The callback has chosen to authorize the certificate for use in this SSL connection, despite the fact that it failed the examination by the certificate authentication callback. -
SECFailure
: The certificate is not authorized for this SSL connection. The SSL connection will be terminated immediately.
SSL_PeerCertificate
. Since it is called immediately after the certificate authentication callback returns, the bad-certificate callback function can obtain the error code set by the certificate authentication callback by calling PR_GetError
immediately, as the first operation it performs.
The callback may need to call one or more PK11 functions to obtain the services of a PKCS #11 module. Some of the PK11 functions require a PIN argument (see SSL_SetPKCS11PinArg
for details). To obtain the value previously passed, the callback calls SSL_RevealPinArg
See Also
For examples of bad certificate callback functions, see theclient.c
and server.c
samples in the SSLsample directory in the NSS source tree.
SSL_GetClientAuthDataHook
Defines a callback function for SSL to use in a client application when a server asks for client authentication information. This callback function is required if your client application is going to support client authentication.Syntax
#include "ssl.h"
SECStatus SSL_GetClientAuthDataHook(
PRFileDesc *fd,
SSLGetClientAuthData f,
void *a);
Parameters
This function has the following parameters:A pointer to the application's callback function that delivers the key and certificate. | |
A pointer supplied by the application that can be used to pass state information. Can be |
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
The callback function set withSSL_GetClientAuthDataHook
is used to get information from a client application when authentication is requested by the server. The callback function retrieves the client's private key and certificate.
SSL provides an implementation of this callback function; see NSS_GetClientAuthData
for details. Unlike SSL_AuthCertificate
, NSS_GetClientAuthData
is not a default callback function. You must set it explicitly with SSL_GetClientAuthDataHook
if you want to use it.
The callback function has the following prototype:
typedef SECStatus (*SSLGetClientAuthData)(This callback function has the following parameters:
void *arg,
PRFileDesc *fd,
CertDistNames *caNames,
CERTCertificate **pRetCert,
SECKEYPrivateKey **pRetKey);
The callback function returns one of these values:
See Also
For an example of a client authentication data callback function, see theclient.c
sample in the SSLsample directory in the NSS source tree.
NSS_GetClientAuthData
Callback function that a client application can use to get the client's private key and certificate when authentication is requested by a remote server.Syntax
#include "ssl.h"
SECStatus NSS_GetClientAuthData(
void * arg,
PRFileDesc *socket,
struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey);
Parameters
This function has the following parameters:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
UnlikeSSL_AuthCertificate
, NSS_GetClientAuthData
is not a default callback function. You must set it explicitly with SSL_GetClientAuthDataHook
for each SSL client socket.
Once NSS_GetClientAuthData
has been set for a client socket, SSL invokes it whenever SSL needs to know what certificate and private key (if any) to use to respond to a request for client authentication.
The implementation of the certificate authentication data callback function shown in the client.c
sample in the SSLsample directory in the NSS source tree is functionally identical to the implementation of NSS_GetClientAuthData
. This implementation is provided as a convenience; applications can supply their own implementations.
SSL_HandshakeCallback
Sets up a callback function used by SSL to inform either a client application or a server application when the handshake is completed.Syntax
#include "ssl.h"
SECStatus SSL_HandshakeCallback(
PRFileDesc *fd,
SSLHandshakeCallback cb,
void *client_data);
Parameters
This function has the following parameters:
A pointer to the value of the |
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
The callback function set bySSL_HandshakeCallback
has the following prototype:
typedef void (*SSLHandshakeCallback)(This callback function has the following parameters:
PRFileDesc *fd,
void *client_data);
A pointer supplied by the application that can be used to pass state information. Can be |
See Also
For examples of handshake callback functions, see the samples in the SSLsample directory in the NSS source tree.SSL Communication Functions
Most communication functions are described in the NSPR Reference. For a complete list of communication functions used by SSL-enabled applications, see Communication. nspr/reference/html/index.html"SSL_InvalidateSession
SSL_DataPending
SSL_SecurityStatus
SSL_GetSessionID
SSL_SetSockPeerID
SSL_InvalidateSession
Removes the current session on a particular SSL socket from the session cache.Syntax
#include "ssl.h"
int SSL_InvalidateSession(PRFileDesc *fd);
Parameter
This function has the following parameter:Returns
The function returns one of these values:- If successful, zero.
-
If unsuccessful, -1. Use
PR_GetError
to obtain the error code.
Description
After you callSSL_InvalidateSession
, the existing connection using the session can continue, but no new connections can resume this SSL session.
SSL_DataPending
Returns the number of bytes waiting in internal SSL buffers to be read by the local application from the SSL socket.Syntax
#include "ssl.h"
int SSL_DataPending(PRFileDesc *fd);
Parameter
This function has the following parameter:Returns
The function returns an integer:- If successful, the function returns the number of bytes waiting in internal SSL buffers for the specified socket.
-
If
SSL_SECURITY
has not been enabled with a call toSSL_OptionSetDefault
orSSL_OptionSet
, the function returns zero.
Description
TheSSL_DataPending
function determines whether there is any received and decrypted application data remaining in the SSL socket's receive buffers after a prior read operation. This function does not reveal any information about data that has been received but has not yet been decrypted. Hence, if this function returns zero, that does not necessarily mean that a subsequent call to PR_Read
would block.
SSL_SecurityStatus
Gets information about the security parameters of the current connection.Syntax
#include "ssl.h"
SECStatus SSL_SecurityStatus(
PRFileDesc *fd,
int *on,
char **cipher,
int *keysize,
int *secretKeySize,
char **issuer,
char **subject);
Parameters
This function has the following parameters:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
TheSSL_SecurityStatus
function fills in values only if you supply pointers to values of the appropriate type. Pointers passed can be NULL
, in which case the function does not supply values. When you are finished with them, you should free all the returned values using PR_Free
.
SSL_GetSessionID
Returns aSECItem
structure containing the SSL session ID associated with a file descriptor.
Syntax
#include "ssl.h"
SECItem *SSL_GetSessionID(PRFileDesc *fd);
Parameter
This function has the following parameter:Returns
The function returns one of these values:-
If successful, a pointer to
SECItem
structure containing the SSL session ID associated with the file descriptor passed infd
.
If unsuccessful,
NULL
.Description
This function returns aSECItem
structure containing the SSL session ID associated with the file descriptor fd
. When the application is finished with the SECItem
structure returned by this function, it should free the structure by calling SECITEM_FreeItem(item, PR_TRUE)
.
SSL_SetSockPeerID
Associates a peer ID with a socket to facilitate looking up the SSL session when it is tunneling through a proxy.Syntax
#include "ssl.h"
int SSL_SetSockPeerID(PRFileDesc *fd, char *peerID);
Parameters
This function has the following parameters:An ID number assigned by the application to keep track of the SSL session associated with the peer. |
Returns
The function returns one of these values:- If successful, zero.
-
If unsuccessful, -1. Use
PR_GetError
to obtain the error code.
Description
SSL peers frequently reconnect after a relatively short time has passed. To avoid the overhead of repeating the full SSL handshake in situations like this, the SSL protocol supports the use of a session cache, which retains information about each connection for some predetermined length of time. For example, a client session cache includes the hostname and port number of each server the client connects with, plus additional information such as the master secret generated during the SSL handshake. For a direct connection with a server, the hostname and port number are sufficient for the client to identify the server as one for which it has an entry in its session cache. However, the situation is more complicated if the client is on an intranet and is connecting to a server on the Internet through a proxy. In this case, the client first connects to the proxy, and the client and proxy exchange messages specified by the proxy protocol that allow the proxy, in turn, to connect to the requested server on behalf of the client. This arrangement is known as SSL tunneling. Client session cache entries for SSL connections that tunnel through a particular proxy all have the same hostname and port number--that is, the hostname and port number of the proxy. To determine whether a particular server with which the client is attempting to connect has an entry in the session cache, the session cache needs some additional information that identifies that server. This additional identifying information is known as a peer ID. The peer ID is associated with a socket, and must be set before the SSL handshake occurs--that is, before the SSL handshake is initiated by a call to a function such asPR_Read
or SSL_ForceHandshake
. To set the peer ID, you use SSL_SetSockPeerID
.
In summary, SSL uses three pieces of information to identify a server's entry in the client session cache: the hostname, port number, and peer ID. In the case of a client that is tunneling through a proxy, the hostname and port number identify the proxy, and the peer ID identifies the desired server. Netscape recommends that the client set the peer ID to a string that consists of the server's hostname and port number, like this: "www.hostname.com:387
". This convention guarantees that each server has a unique entry in the client session cache.
See Also
For information about configuring the session cache for a server, seeSSL_ConfigServerSessionIDCache
.
SSL Functions Used by Callbacks
SSL_PeerCertificate
SSL_RevealURL
SSL_RevealPinArg
SSL_PeerCertificate
Returns a pointer to the certificate structure for the certificate received from the remote end of the SSL connection.Syntax
#include "ssl.h"
CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
Parameter
This function has the following parameter:Returns
The function returns one of these values:Description
TheSSL_PeerCertificate
function is used by certificate authentication and bad-certificate callback functions to obtain the certificate under scrutiny. If the client calls SSL_PeerCertificate
, it always returns the server's certificate. If the server calls SSL_PeerCertificate
, it may return NULL
if client authentication is not enabled or if the client had no certificate when asked.
SSL makes and keeps internal copies (or increments the reference counts, as appropriate) of certificate and key structures. The application should destroy its copies when it has no further use for them by calling CERT_DestroyCertificate
and SECKEY_DestroyPrivateKey
.
SSL_RevealURL
Returns a pointer to a newly allocated string containing the domain name of the desired server.Syntax
#include "ssl.h"
char *SSL_RevealURL(PRFileDesc *fd);
Parameter
This function has the following parameter:Returns
The function returns one of the following values:- If successful, returns a pointer to a newly allocated string containing the domain name of the desired server.
-
If unsuccessful,
NULL
.
Description
TheSSL_RevealURL
function is used by certificate authentication callback function to obtain the domain name of the desired SSL server for the purpose of comparing it with the domain name in the certificate presented by the server actually contacted. When the callback function is finished with the string returned, the string should be freed with a call to PR_Free
.
SSL_RevealPinArg
Returns thePKCS11PinArg
value associated with the socket.
Syntax
#include "ssl.h"
void *SSL_RevealPinArg(PRFileDesc *fd);
Parameter
This function has the following parameter:Returns
The function returns one of the following values:Description
TheSSL_RevealPinArg
function is used by callback functions to obtain the PIN argument that NSS passes to certain functions. The PIN argument points to memory allocated by the application. The application is responsible for managing the memory referred to by this pointer. For more information about this argument, see SSL_SetPKCS11PinArg
.
SSL Handshake Functions
SSL_ForceHandshake
SSL_ReHandshake
SSL_ResetHandshake
SSL_ForceHandshake
Drives a handshake for a specified SSL socket to completion on a socket that has already been prepared to do a handshake or is in the middle of doing a handshake.Syntax
#include "ssl.h"
SECStatus SSL_ForceHandshake(PRFileDesc *fd);
Parameters
This function has the following parameter:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
When you are forcing the initial handshake on a blocking socket, this function returns when the handshake is complete. For subsequent handshakes, the function can return either because the handshake is complete, or because application data has been received on the connection that must be processed (that is, the application must read it) before the handshake can continue. You can useSSL_ForceHandshake
when a handshake is desired but neither end has anything to say immediately. This occurs, for example, when an HTTPS server has received a request and determines that before it can answer the request, it needs to request an authentication certificate from the client. At the HTTP protocol level, nothing more is being said (that is, no HTTP request or response is being sent), so the server uses SSL_ForceHandshake
to make the handshake occur.
SSL_ForceHandshake
does not prepare a socket to do a handshake by itself. The following functions prepare a socket (previously imported into SSL and configured as necessary) to do a handshake:
-
PR_Connect
-
PR_Accept
-
SSL_ReHandshake
(after the first handshake is finished) -
SSL_ResetHandshake
(for sockets that were connected or accepted prior to being imported)
SSL_ForceHandshake
will almost always be preceded by one of those functions.
In versions prior to NSS 1.2, you cannot force a subsequent handshake. If you use this function after the initial handshake, it returns immediately without forcing a handshake.
SSL_ReHandshake
Causes SSL to begin a new SSL 3.0 handshake on a connection that has already completed one handshake.SSL_ReHandshake
replaces the deprecated function SSL_RedoHandshake
.
Syntax
#include "ssl.h"
SECStatus SSL_RedoHandshake(PRFileDesc *fd, PRBool flushCache);
Parameter
This function has the following parameters:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
IfflushCache
is non-zero, the SSL_ReHandshake
function invalidates the current SSL session associated with the specified fd
from the session cache and starts another full SSL 3.0 handshake. It is for use with SSL 3.0 only. You can call this function to redo the handshake if you have changed one of the socket's configuration parameters (for example, if you are going to request client authentication).
Setting flushCache
to zero can be useful, for example, if you are using export ciphers and want to keep changing the symmetric keys to foil potential attackers.
SSL_ReHandshake
only initiates the new handshake by sending the first message of that handshake. To drive the new handshake to completion, you must either call SSL_ForceHandshake
or do another I/O operation (read or write) on the socket. A call to SSL_ReHandshake
is typically followed by a call to SSL_ForceHandshake
.
SSL_ResetHandshake
Resets the handshake state for a specified socket.Syntax
#include "ssl.h"
SECStatus SSL_ResetHandshake(
PRFileDesc *fd,
PRBool asServer);
Parameters
This function has the following parameters:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
CallingSSL_ResetHandshake
causes the SSL handshake protocol to start from the beginning on the next I/O operation. That is, the handshake starts with no cipher suite already in use, just as it does on the first handshake on a new socket.
When an application imports a socket into SSL after the TCP connection on that socket has already been established, it must call SSL_ResetHandshake
to determine whether SSL should behave like an SSL client or an SSL server. Note that this step would not be necessary if the socket weren't already connected. For an SSL socket that is configured before it is connected, SSL figures this out when the application calls PR_Connect
or PR_Accept
. If the socket is already connected before SSL gets involved, you must provide this extra hint.
NSS Shutdown Function
NSS_Shutdown
Closes the key and certificate databases that were opened byNSS_Init
.
Syntax
#include "nss.h"
void NSS_Shutdown(void);
Deprecated Functions
The following functions have been replaced with newer versions but are still supported:SSL_EnableDefault
SSL_Enable
SSL_EnableCipher
SSL_SetPolicy
SSL_EnableDefault
Changes a default value for all subsequently opened sockets as long as the current application program is running.SSL_EnableDefault
has been replaced by SSL_OptionSetDefault
and works the same way.
Syntax
#include "ssl.h"
SECStatus SSL_EnableDefault(int which, PRBool on);
Parameters
This function has the following parameters:
For information about the values that can be passed in the | |
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
For detailed information about usingSSL_Enable
, see the description of
SSL_OptionSetDefault
.
SSL_Enable
Sets a single configuration parameter of a specified socket. Call once for each parameter you want to change.SSL_Enable
has been replaced by SSL_OptionSet
and works the same way.
Syntax
#include "ssl.h"
SECStatus SSL_Enable(
PRFileDesc *fd,
int which,
PRBool on);
Parameters
This function has the following parameters:
For information about the values that can be passed in the | |
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful, returns
SECFailure
. UsePR_GetError
to obtain the error code.
Description
For detailed information about usingSSL_Enable
, see the description of
SSL_OptionSet
.
SSL_EnableCipher
Enables or disables cipher suites (subject to which cipher suites are permitted or disallowed by previous calls to one or more of the SSL Export Policy Functions). This function must be called once for each cipher you want to enable or disable.SSL_EnableCipher
has been replaced by SSL_CipherPrefSetDefault
and works the same way.
Syntax
#include "ssl.h"
#include "sslproto.h"
SECStatus SSL_EnableCipher(long which, PRBool enabled);
Parameters
This function has the following parameters:Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
For detailed information about usingSSL_EnableCipher
, see the description of SSL_CipherPrefSetDefault
.
SSL_SetPolicy
Sets policy for the use of individual cipher suites.SSL_SetPolicy
has been replaced by SSL_CipherPolicySet
and works the same way.
Syntax
#include <ssl.h>
#include <sslproto.h>
SECStatus SSL_SetPolicy(long which, int policy);
Parameters
This function has the following parameters:
The cipher suite for which you want to set policy. For a list of possible values, see | |
Returns
The function returns one of these values:-
If successful,
SECSuccess
. -
If unsuccessful,
SECFailure
. UsePR_GetError
to obtain the error code.
Description
For detailed information about usingSSL_SetPolicy
, see the description of SSL_CipherPolicySet
.
SSL_RedoHandshake
Causes SSL to begin a full, new SSL 3.0 handshake from scratch on a connection that has already completed one handshake.Syntax
#include "ssl.h"
int SSL_RedoHandshake(PRFileDesc *fd);
Parameter
This function has the following parameter:Returns
The function returns one of these values:- If successful, zero.
-
If unsuccessful, -1. Use
PR_GetError
to obtain the error code.
Description
TheSSL_RedoHandshake
function invalidates the current SSL session associated with the fd
parameter from the session cache and starts another full SSL 3.0 handshake. It is for use with SSL 3.0 only. You can call this function to redo the handshake if you have changed one of the socket's configuration parameters (for example, if you are going to request client authentication).
SSL_RedoHandshake
only initiates the new handshake by sending the first message of that handshake. To drive the new handshake to completion, you must either call SSL_ForceHandshake
or do another I/O operation (read or write) on the socket. A call to SSL_RedoHandshake
is typically followed by a call to SSL_ForceHandshake
.
Table of Contents | Previous | Next | Index
Last Updated: 10/18/00 09:17:43