Zilog EZ80F91AZA User Manual

UM020107-1211

SSL Configuration

ZTP Network Security SSL Plug-In

User Manual

32

#define TLS_RSA_WITH_AES_128_CBC_SHA

0x2F00

#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA

0x0D00

#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

0x1300

The

KeyAlg

entry identifies the algorithm that the ZTP Network Security SSL Plug-In

uses to arrive at a shared secret between the client and server when using this cipher suite.
The macros that the ZTP Network Security SSL Plug-In uses for the

KeyAlg

codes are

defined in the

ez80_pki.h

header file and are shown in the following code fragment.

#define SSL_PKI_RSA

1

#define SSL_PKI_DH

2

#define SSL_PKI_DHE_RSA

3

#define SSL_PKI_DHE_DSS

4

The

CipherAlg

entry identifies one of the supported cipher algorithms (see the

ez80_cipher.h

header file).

#define SSL_CIPHER_NULL

0

#define SSL_CIPHER_RC4

1

#define SSL_CIPHER_DES

2

#define SSL_CIPHER_3DES

3

#define SSL_CIPHER_AES

4

The

HashAlg

entry identifies one of the supported digest algorithms (see the

ez80_hash.h

header file).

#define SSL_HASH_NULL

0

#define SSL_HASH_MD5

1

#define SSL_HASH_HMAC_MD5

2

#define SSL_HASH_SHA1

3

#define SSL_HASH_HMAC_SHA1

4

The

IsExport

entry indicates whether this cipher suite can be exported for use outside

the United States. Only those cipher suites that contain the word EXPORT in the mne-
monic can be used in products outside the United States without government approval. All
exportable SSL cipher suites implemented by the ZTP Network Security SSL Plug-In use
an effective 40-bit symmetric key and restrict the modulus in the key exchange algorithm
to a maximum of 512 bits

2

.

The

KeySize

entry specifies the number of bytes in the symmetric key that are used by

the cipher algorithm.

2. Although these limits are below current United States export law requirements, source code customers are advised to seek

government counsel before modifying the SSL protocol to allow longer keys in exported cipher suites.