SslSetEncryption Function

Action

Sets the Secure Socket Layer protocol version and the ciphers used when Silk Performer establishes a secure connection to the server.

Include file

WebAPI.bdh

Syntax

SslSetEncryption( in nVersion : number,
                  in sCiphers : string optional ): boolean;

Return value

  • true if successful

  • false otherwise

Parameter Description
nVersion Specifies the Secure Socket Layer protocol version used when Silk Performer establishes a secure connection to the server. Valid options are:
  • SSL_VERSION_AUTO
  • SSL_VERSION_SSL3
  • SSL_VERSION_TLS1
  • SSL_VERSION_TLS11
  • SSL_VERSION_TLS12
  • SSL_VERSION_TLS13
sCiphers Optional: Specifies the ciphers used when Silk Performer establishes a secure connection to the server. Valid options are:
  • SSL_CIPHERS_MEDIUM. Perform 128-bit encryption
  • SSL_CIPHERS_HIGH. Use triple DES

You can also specify any cipher as described on OpenSSL ciphers. If this parameter is omitted, Silk Performer uses its default ciphers.

The sCiphers parameter can also be a string value with one or more cipher names, separated with a colon (:), or a combination of sets ("SSLv3", "MEDIUM" or "HIGH") and cipher names, or even with logical operators, for example "EXP:RC4-SHA:!HIGH". You can also mix TLSv1.3 ciphers with non-TLSv1.3 ciphers. Invalid cipher strings are ignored.

For a list of available cipher names, visit OpenSSL ciphers.

Example

dcltrans
  transaction TSecureHTTP
  begin
    SslSetEncryption(SSL_VERSION_SSL3, SSL_CIPHERS_SSLv3);
    WebUrl("https://www.company.com");
  end TSecureHTTP; 

  transaction TSecureHTTP1
  begin
    SslSetEncryption(SSL_VERSION_SSL3, "EXP-RC4-MD5:EXP-DES-CBC-SHA");
    WebUrl("https://www.company.com");
  end TSecureHTTP1;

    // no cipher specified, request vs. TLSv1.3 server, expected ciphersuite: TLS_AES_256_GCM_SHA384    
    SslSetEncryption(SSL_VERSION_TLS13);

    // ciphers set in specified order, request vs. TLSv1.3 server, expected ciphersuite is: TLS_AES_128_GCM_SHA256
    SslSetEncryption(SSL_VERSION_AUTO, "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384");   

    // set TLSv1.2 and TLSv1.3 ciphers, requests to TLSv1.2 and TLSv1.3 server
    SslSetEncryption(SSL_VERSION_AUTO, "ECDHE-RSA-AES128-GCM-SHA256:TLS_CHACHA20_POLY1305_SHA256");

    // same as above, but added some non-existing ciphers
    SslSetEncryption(SSL_VERSION_AUTO, "thisisnotacipher:ECDHE-RSA-AES128-GCM-SHA256:thisisnotaciphertoo:TLS_CHACHA20_POLY1305_SHA256:thisisalsonotacipher");

Sample scripts

WebSecure01.bdf, WebSecure02.bdf