|
Derived string for the specification of a cipher suite list.
Contains colon-delimited (':') cipher strings that can be of any value of the members contained by a Cipher struct. A cipher string indicates an individual cipher or a set of ciphers that use the same protocol version, key exchange etc. The cipher strings can be combined in logical order and operation by character '+'. They can be optionally preceded by either an '!' or a '-' character. Character '!' means that the preceded cipher suite or cipher suite type is permanently deleted from the list. Character '-' means that the preceded cipher suite or cipher suite type is deleted from the list, but any of the cipher suites can be added by later options.
They must contain at least one positive expression, that is, without character '!' or '-' in the cipher string, otherwise the filter results in an empty cipher suite list.
Cipher strings with special meaning:
ALL - all cipher suites except for the NULL encryption ciphers, which must be explicitly enabled. NULL authentication ciphers are included.
DEFAULT - all cipher suites except the NULL authentication and NULL encryption ciphers.
Example:
ALL:!SSLv2:!RSA:!aRSA:!3DES:!DES:!MD5
ALL:!EXP-EDH-RSA-DES-CBC-SHA
AES:-kRSA
AES:RC4
kEDH+EXPORT:-MD5
The examples above demonstrate the syntax only and may contain unsupported cipher suites.
|