Sortix cross-nightly manual
This manual documents Sortix cross-nightly.
NAME
SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level — change security level for TLS
SYNOPSIS
#include <openssl/ssl.h>

void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
void SSL_set_security_level(SSL *s, int level);
int SSL_CTX_get_security_level(const SSL_CTX *ctx);
int SSL_get_security_level(const SSL *s);
DESCRIPTION
A security level is a set of restrictions on algorithms, key lengths, protocol versions, and other features in TLS connections. These restrictions apply in addition to those that exist from individually selecting supported features, for example ciphers, curves, or algorithms.

# | sec | RSA   | ECC | TLS | MAC  |
0 | 0   | 0     | 0   | 1.0 | MD5  |
1 | 80  | 1024  | 160 | 1.0 | RC4  |
2 | 112 | 2048  | 224 | 1.0 |      |
3 | 128 | 3072  | 256 | 1.1 | SHA1 |
4 | 192 | 7680  | 384 | 1.2 |      |
5 | 256 | 15360 | 512 | 1.2 |      |

- #: The number of the level.
- sec: The minimum security strength measured in bits, which is approximately the binary logarithm of the number of operations an attacker has to perform in order to break a cryptographic key. This minimum strength is enforced for all relevant parameters including cipher suite encryption algorithms, ECC curves, signature algorithms, DH parameter sizes, and certificate algorithms and key sizes. See SP800-57 below SEE ALSO for details on individual algorithms.
- RSA: The minimum key length in bits for the RSA, DSA, and DH algorithms.
- ECC: The minimum key length in bits for ECC algorithms.
- TLS: The minimum TLS protocol version.
- MAC: Cipher suites using the given MACs are allowed on this level and on lower levels, but not on higher levels.
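
Before raising the level on a deployed service, it helps to know the highest level its current key size, protocol floor and MAC already satisfy. The following is an added example, not code from the manual or the library: it models only the table above, not the library's actual enforcement, and the names sec_level, key_kind, mac_ceiling and highest_level are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Rows of the table above. tls is the minimum version times ten (10 = 1.0);
 * mac is that row's MAC column entry, "" where the cell is empty. */
struct sec_level { int level, sec, rsa, ecc, tls; const char *mac; };

static const struct sec_level levels[] = {
    {0,   0,     0,   0, 10, "MD5"},
    {1,  80,  1024, 160, 10, "RC4"},
    {2, 112,  2048, 224, 10, ""},
    {3, 128,  3072, 256, 11, "SHA1"},
    {4, 192,  7680, 384, 12, ""},
    {5, 256, 15360, 512, 12, ""},
};
#define NLEVELS ((int)(sizeof(levels) / sizeof(levels[0])))

enum key_kind { KEY_RSA, KEY_ECC };   /* KEY_RSA also stands for DSA and DH */
/* Highest level on which the named MAC column entry is still allowed.
 * Names the table does not list are treated as unrestricted (assumption). */
static int mac_ceiling(const char *mac)
{
    for (int i = 0; mac && *mac && i < NLEVELS; i++)
        if (strcmp(levels[i].mac, mac) == 0)
            return levels[i].level;
    return NLEVELS - 1;
}

/* Highest level whose minimums are met by a key of key_bits, by the lowest
 * TLS version that must keep working (tls_floor), and by the MAC in use. */
int highest_level(enum key_kind kind, int key_bits, int tls_floor, const char *mac)
{
    int best = 0, cap = mac_ceiling(mac);
    for (int i = 0; i <= cap; i++) {
        int min_bits = (kind == KEY_RSA) ? levels[i].rsa : levels[i].ecc;
        if (key_bits < min_bits || tls_floor < levels[i].tls)
            break;
        best = levels[i].level;
    }
    return best;
}

int main(void)
{
    /* Constructed sample deployments, not taken from the manual. */
    printf("RSA-2048, TLS 1.2 only: level %d\n", highest_level(KEY_RSA, 2048, 12, ""));
    printf("P-256, TLS 1.0 peers:   level %d\n", highest_level(KEY_ECC, 256, 10, ""));
    return 0;
}
```

A result below the level you intend to set means some existing key, peer or cipher suite would be rejected once that level is applied.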