Zilog EZ80F91AZA User Manual
ZTP Network Security SSL Plug-In User Manual (UM020107-1211)
SSL Configuration
algorithms, there is a possibility that the client and server will be able to determine at least one common algorithm that can be used to encrypt data. However, if a weak cipher algorithm is included in the set of supported cipher algorithms, then it is possible that at some point, a session could be established with the weaker algorithm.
The ZTP Network Security SSL Plug-In uses a global array, named the CipherGen array, that determines which symmetric ciphers are available for encrypting data. This array is located in the cipher_conf.c configuration file. The default setting of the CipherGen array is shown in the following code fragment.
    CIPHER_NEW CipherGen[ SSL_MAX_CIPHERS ] =
    {
        NullCipher_New,
        RC4_New,
        DES_New,
        DES3_New,
        AES_New
    };
Each entry in the array is a function pointer used to initialize a data structure that the SSL handshake protocols use to perform encryption and decryption operations. NullCipher does not perform any useful function, but it must be included in the CipherGen array for proper operation of the SSL protocol.
The ordering of entries in the CipherGen array is not arbitrary, and is determined by the ordinal values of the following macros (see the ez80_cipher.h header file); the values of these macros must not be altered.
    #define SSL_CIPHER_RC4   1
    #define SSL_CIPHER_DES   2
    #define SSL_CIPHER_3DES  3
    #define SSL_CIPHER_AES   4
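The binding between array slots and cipher IDs can be checked mechanically. The following is an added example, not code from the Zilog manual or the plug-in: it audits a CipherGen-style table for constructors stored under the wrong ID and for RC4 or single DES left enabled. The CIPHER_NEW typedef, the stub constructors, the value of SSL_MAX_CIPHERS, the finding flags, the audit_cipher_table function and the convention that a slot holding NullCipher_New counts as disabled are all assumptions of this example.

```c
#include <stdio.h>

/* Cipher IDs exactly as listed from ez80_cipher.h on this page. */
#define SSL_CIPHER_RC4  1
#define SSL_CIPHER_DES  2
#define SSL_CIPHER_3DES 3
#define SSL_CIPHER_AES  4
#define SSL_MAX_CIPHERS 5 /* assumed value: NullCipher plus four ciphers */

/* Stand-ins so this compiles off-target; the real CIPHER_NEW type and
 * constructors live in the plug-in and are not shown on the page. */
typedef const char *(*CIPHER_NEW)(void);
static const char *NullCipher_New(void) { return "null"; }
static const char *RC4_New(void)        { return "RC4"; }
static const char *DES_New(void)        { return "DES"; }
static const char *DES3_New(void)       { return "3DES"; }
static const char *AES_New(void)        { return "AES"; }

enum { NULL_MISSING = 1, ORDER_BROKEN = 2, WEAK_ENABLED = 4 };

/* Audit a CipherGen-style table; returns a bitmask of findings. */
static int audit_cipher_table(const CIPHER_NEW tbl[SSL_MAX_CIPHERS])
{
    static const CIPHER_NEW expected[SSL_MAX_CIPHERS] = {
        [0]               = NullCipher_New,
        [SSL_CIPHER_RC4]  = RC4_New,
        [SSL_CIPHER_DES]  = DES_New,
        [SSL_CIPHER_3DES] = DES3_New,
        [SSL_CIPHER_AES]  = AES_New,
    };
    int findings = (tbl[0] == NullCipher_New) ? 0 : NULL_MISSING;

    for (int id = SSL_CIPHER_RC4; id <= SSL_CIPHER_AES; id++) {
        if (tbl[id] == NullCipher_New)
            continue;                   /* slot disabled (assumed convention) */
        if (tbl[id] != expected[id])
            findings |= ORDER_BROKEN;   /* cipher sits under the wrong ID */
        else if (id == SSL_CIPHER_RC4 || id == SSL_CIPHER_DES)
            findings |= WEAK_ENABLED;   /* this example's policy: RC4, DES */
    }
    return findings;
}

int main(void)
{
    const CIPHER_NEW dflt[SSL_MAX_CIPHERS] = {
        NullCipher_New, RC4_New, DES_New, DES3_New, AES_New };
    printf("default table findings: 0x%x\n", audit_cipher_table(dflt));
    return 0;
}
```

Run against a table laid out like the default CipherGen array, the audit reports only WEAK_ENABLED; a table with the RC4 and DES slots set to the null stand-in reports no findings.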
If an application does not require the use of a particular cipher, its entry in the CipherGen array can be replaced with the NullCipher_Init function pointer. This pointer has the effect of causing the linker to remove the cipher algorithm from the generated program image. For example, if an application does not use the AES cipher, the CipherGen array can be reconfigured, as shown in the following code fragment:
    CIPHER_NEW CipherGen[ SSL_MAX_CIPHERS ] =
    {
        NullCipher_New,
        RC4_New,
        DES_New,
        DES3_New,