SslSetEncryption Function

Action

Sets the Secure Socket Layer protocol version and the ciphers used when Silk Performer establishes a secure connection to the server.

Include file

WebAPI.bdh

Syntax

SslSetEncryption( in nVersion : number,
                  in sCiphers : string optional ): boolean;

Return value

true if successful
false otherwise

Parameter	Description
nVersion	Specifies the Secure Socket Layer protocol version used when Silk Performer establishes a secure connection to the server. Valid options are: SSL_VERSION_AUTO SSL_VERSION_SSL3 SSL_VERSION_TLS1 SSL_VERSION_TLS11 SSL_VERSION_TLS12 SSL_VERSION_TLS13
sCiphers	Optional: Specifies the ciphers used when Silk Performer establishes a secure connection to the server. Valid options are: SSL_CIPHERS_MEDIUM. Perform 128-bit encryption SSL_CIPHERS_HIGH. Use triple DES You can also specify any cipher as described on OpenSSL ciphers. If this parameter is omitted, Silk Performer uses its default ciphers. The `sCiphers` parameter can also be a string value with one or more cipher names, separated with a colon (:), or a combination of sets (`"SSLv3", "MEDIUM" or "HIGH"`) and cipher names, or even with logical operators, for example `"EXP:RC4-SHA:!HIGH"`. You can also mix TLSv1.3 ciphers with non-TLSv1.3 ciphers. Invalid cipher strings are ignored.

Parameter

Description

nVersion

Specifies the Secure Socket Layer protocol version used when Silk Performer establishes a secure connection to the server. Valid options are:

SSL_VERSION_AUTO
SSL_VERSION_SSL3
SSL_VERSION_TLS1
SSL_VERSION_TLS11
SSL_VERSION_TLS12
SSL_VERSION_TLS13

sCiphers

Optional: Specifies the ciphers used when Silk Performer establishes a secure connection to the server. Valid options are:

SSL_CIPHERS_MEDIUM. Perform 128-bit encryption
SSL_CIPHERS_HIGH. Use triple DES

You can also specify any cipher as described on OpenSSL ciphers. If this parameter is omitted, Silk Performer uses its default ciphers.

The sCiphers parameter can also be a string value with one or more cipher names, separated with a colon (:), or a combination of sets ("SSLv3", "MEDIUM" or "HIGH") and cipher names, or even with logical operators, for example "EXP:RC4-SHA:!HIGH". You can also mix TLSv1.3 ciphers with non-TLSv1.3 ciphers. Invalid cipher strings are ignored.

For a list of available cipher names, visit OpenSSL ciphers.

Example

dcltrans
  transaction TSecureHTTP
  begin
    SslSetEncryption(SSL_VERSION_SSL3, SSL_CIPHERS_SSLv3);
    WebUrl("https://www.company.com");
  end TSecureHTTP; 

  transaction TSecureHTTP1
  begin
    SslSetEncryption(SSL_VERSION_SSL3, "EXP-RC4-MD5:EXP-DES-CBC-SHA");
    WebUrl("https://www.company.com");
  end TSecureHTTP1;

    // no cipher specified, request vs. TLSv1.3 server, expected ciphersuite: TLS_AES_256_GCM_SHA384    
    SslSetEncryption(SSL_VERSION_TLS13);

    // ciphers set in specified order, request vs. TLSv1.3 server, expected ciphersuite is: TLS_AES_128_GCM_SHA256
    SslSetEncryption(SSL_VERSION_AUTO, "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384");   

    // set TLSv1.2 and TLSv1.3 ciphers, requests to TLSv1.2 and TLSv1.3 server
    SslSetEncryption(SSL_VERSION_AUTO, "ECDHE-RSA-AES128-GCM-SHA256:TLS_CHACHA20_POLY1305_SHA256");

    // same as above, but added some non-existing ciphers
    SslSetEncryption(SSL_VERSION_AUTO, "thisisnotacipher:ECDHE-RSA-AES128-GCM-SHA256:thisisnotaciphertoo:TLS_CHACHA20_POLY1305_SHA256:thisisalsonotacipher");

Sample scripts

WebSecure01.bdf, WebSecure02.bdf