System i: Programming Secure Sockets APIs - IBM
System i: Programming Secure Sockets APIs - IBM
System i: Programming Secure Sockets APIs - IBM
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
};<br />
program called when a<br />
certificate is received<br />
during SSL handshake */<br />
The fields within the SSLHandle structure as pointed to by handle are defined as follows:<br />
int fd (input) The socket descriptor of the connection for which the SSL handshake protocol is<br />
to be performed. This field was initialized by a prior SSL_Create() API.<br />
int createFlags (input) Whether or not the SSL protocol is to be used. If the field specifies a value that<br />
does not include the SSL_ENCRYPT flag, then this function will return success<br />
without performing the SSL handshake protocol. This field was initialized by a<br />
prior SSL_Create() API.<br />
unsigned int protocol<br />
(input/output)<br />
The type of SSL handshake protocol to be performed. The protocol(s) that are<br />
acceptable as the handshake protocol for this job. The following values may be<br />
specified for protocol and are defined in .<br />
SSL_VERSION_CURRENT 0 (TLS with SSL Version 3.0 and SSL<br />
Version 2.0 compatibility)<br />
SSL_VERSION_2 2 (SSL Version 2.0 only)<br />
SSL_VERSION_3 3 (SSL Version 3.0 only)<br />
TLS_VERSION_1 4 (TLS Version 1 only)<br />
TLSV1_SSLV3 5 (TLS Version 1 with SSL<br />
Version 3.0 compatibility)<br />
unsigned timeout (input)<br />
Upon return, this field will be set to reflect the protocol version actually<br />
negotiated. If the createFlags field specifies a value that does not include the<br />
SSL_ENCRYPT flag, then this field will be unchanged from its input value.<br />
The approximate number of seconds to wait for the SSL handshake protocol to<br />
complete. A value of 0 indicates to wait forever for the handshake to complete.<br />
unsigned char cipherKind[3] The cipher kind (which is the SSL Version 2.0 cipher suite) negotiated by the<br />
(output)<br />
handshake.<br />
unsigned short int cipherSuite<br />
(output)<br />
The cipher suite type negotiated by the handshake.<br />
unsigned short int*<br />
cipherSuiteList (input)<br />
A pointer to a cipher specification list that is to be used during the handshake<br />
negotiation for this SSL session. This list is a string of concatenated cipher<br />
specification values. Each cipher specification is an unsigned short integer value.<br />
Any value provided will override, for this SSL session, the default cipher<br />
specification list provided by a previous SSL_Init() API or SSL_Init_Application()<br />
API . The valid cipher suites allowed are defined in . A value of<br />
NULL indicates one of the following:<br />
v<br />
Use the cipher specification list provided by a previous SSL_Init(),<br />
QlgSSL_Init() or SSL_Init_Application() API call.<br />
v Use the system default cipher specification list if the previous SSL_Init(),<br />
QlgSSL_Init() or SSL_Init_Application() API call did not provide a cipher<br />
specification list.<br />
The current default cipher suite list can be different from the install time list<br />
due to changes made to the QSSLCSL (SSL cipher specification list) system<br />
value via the Change <strong>System</strong> Value (CHGSYSVAL) command. A cipher suite<br />
removed from the SSL cipher specification list will also be removed from the<br />
default cipher suite list shown here. The order of the cipher suites in QSSLCSL<br />
will be used to order the cipher suites in the default list.<br />
The Display <strong>System</strong> Value (DSPSYSVAL) command or the Retrieve <strong>System</strong><br />
Values (QWCRSVAL) API can be used to determine the current setting of the<br />
supported ciphers (QSSLCSL) for system SSL.<br />
<strong>Secure</strong> <strong>Sockets</strong> <strong>APIs</strong> 75