Choosing cipher strings requires the use of an intermediate language that allows selection
and deselection of ciphers, key exchange mechanisms, MACs and combinations of those.
Common combinators consist of \texttt{+}, \texttt{-} and \texttt{!}
-\begin{center}
+\begin{center}
\begin{tabular}{rll}
\toprule
\textbf{combinator} & \textbf{effect} & \textbf{example}\\\cmidrule(lr){1-3}
- \verb|+| & add at this position & \verb|+SHA256| \\
- \verb|-| & remove at the current position & \verb|-SSLv3| \\
- \verb|!| & permanently remove from selection & \verb|!3DES| \\
- (OpenSSL) \verb|@| & special command & \verb|@STRENGTH| \\
- (GnuTLS) \verb|%| & special command & \verb|%NEW_PADDING| \\
+ \verb|+| & add at this position & \verb|ALL:+SHA256| \\
+ \verb|-| & remove at the current position & \verb|ALL:-SSLv3| \\
+ \verb|!| & permanently remove from selection & \verb|ALL:!3DES:!RC4| \\
+ (OpenSSL) \verb|@| & special command & \verb|ALL@STRENGTH| \\
+ (GnuTLS) \verb|%| & special command & \verb|NORMAL%NEW_PADDING| \\
\bottomrule
\end{tabular}
\end{center}
-
-%http://www.gnutls.org/manual/html_node/Priority-Strings.html
-%https://www.openssl.org/docs/apps/ciphers.html
+A list of special strings to use can be found in
+\url{http://www.gnutls.org/manual/html_node/Priority-Strings.html} for GnuTLS or
+\url{https://www.openssl.org/docs/apps/ciphers.html} for OpenSSL. There is, however, no
+common syntax for a cipher string throughout different SSL libraries.
%%azet:
% I think we should neglect this section since we do
git.bettercrypto.org / ach-master.git / commitdiff