Step 3: SSL Options and Cipher Suites

Additionally, we need to delve into the selection of cipher suites. A cipher suite is a combination of lower-level algorithms that an SSL connection uses to do authentication, key exchange, and stream encryption. Suite selection is important because OpenSSL supports some algorithms for compatibility that we want to exclude for security reasons. Similarly, some of the cipher suites that are secure require an application to provide callbacks in order to be utilized. Learning how to do these things properly and extending our example for this final step will be the topic of this section.

5.1.4.1 Setting SSL options

The SSL_CTX_set_options function provides the developer with finer-grained control over the SSL connections spawned from the context. Using this function, we can enable the bug workarounds built into the OpenSSL library. For instance, a particular version of a Netscape product, Netscape-Commerce 1.12, truncates the material used for key generation. In order for our SSL programs to establish a connection to a peer with such a bug, we need to enable the workaround. These fixes are useful only to programs that will communicate with a peer known to have bugs, but enabling the workarounds does not hurt anything as a rule. These bug fixes can be enabled individually, but instead we should set the SSL_OP_ALL flag, which will enable all of the workaround code.

Like the function SSL_CTX_set_verify, the second parameter to this function is a set of flags. Again, the flags can be combined with the logical OR operation. An important fact about this call is that once an option is set, it can't be cleared: this function only adds the options presented by the second argument to the options set contained in the SSL_CTX object. The new set of options is returned by this function.

In addition to the workarounds for buggy SSL peers, this function allows us to tighten the security of our SSL connections. By setting the option SSL_OP_NO_SSLv2, we prevent the SSLv2 protocol from being used. As we noted in Step 1, this is a very useful feature. Using this option, we can create an SSL_CTX object based on the compatibility method, SSLv23_method, and the context will not allow SSLv2 peers. This is useful since electing to base our context upon either SSLv3_method or TLSv1_method would prevent the other from connecting correctly.

Two server-side-only options that bear consideration are SSL_OP_EPHEMERAL_RSA and SSL_OP_SINGLE_DH_USE. The former causes our context object to attempt to use a temporary RSA key for the key exchange. The details of this process are discussed below, but generally, this option should never be used, since it violates the SSL/TLS protocol specification. We discuss the SSL_OP_SINGLE_DH_USE flag in the next section.

5.1.4.2 Ephemeral keying