SSL Cipher help in C

Question

I am trying to Use SSL on top of tcp/ip to send an HTTPS request to a site using C. I have no access to curl or other standard libraries. Pretend like i can't load any libraries at all.

I need to set an SSL Profile Cipher. When I successfully use curl on my linux box to talk with the server I see: SSL Connection using ECDHE-RSA-AES128-SHA

If my options for setting the cipher are:

• SSL_kRSA (RSA Key Exchange)
• SSL_kEDH (tmp DH key no DH cert)
• SSL_aRSA (Authenticate with RSA)
• SSL-aDSS (Authenticate with DSS)
• SSL_DES (DES)
• SSL_3DES (3DES)
• SSL_RC4 (RC4)
• SSL_RC2 (RC2)
• SSL_AES (AES)
• SSL_MD5 (MD5)
• SSL_SHA1 (SHA1)
• SSL_SHA256 (SHA256)
• SSL_SHA384 (SHA384)
• SSL_RSA ([SSL_kRSA|SSL_aRSA] RSA)
• SSL_DSS ([SSL_aDSS] Authenticate with DSS)

I can set multiple things by something like: SSL_RSA | SSL_AES

Protocol is TLSv1.2

What should my cipher look like?

Answer 1

"Pretend like i can't load any libraries at all." If that is true, you will need to implement the cipher itself plus the SSL handling layer ^_^.

Assuming you are using OpenSSL and have TCP established with socket_fd, you need to create a SSL_CTX with SSL_CTX_new (SSLv23_client_method()). Normally, to set the cipher list, you use SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL:@STRENGTH"), see http://openssl.org/docs/apps/ciphers.html for all available options, you may specific a particular cipher.

Then create a SSL session with SSL_new(ctx) and SSL_set_fd (ssl, socket_fd), after that use SSL_connect(...), SSL_read(...)/SSL_write(...) to communicate with server.

After all have been done, SSL_shutdown(...) and SSL_Free(...), SSL_CTX_Free(...).