#include
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); int SSL_set_cipher_list(SSL *ssl, const char *str);
_S_S_L___s_e_t___c_i_p_h_e_r___l_i_s_t_(_) sets the list of ciphers only for ssssll.
It should be noted, that inclusion of a cipher to be used into the list is a necessary condition. On the client side, the inclusion into the list is also sufficient. On the server side, additional restrictions apply. All ciphers have additional requirements. ADH ciphers don't need a certificate, but DH-parameters must have been set. All other ciphers need a corresponding certificate and key.
A RSA cipher can only be chosen, when a RSA certificate is available. RSA export ciphers with a keylength of 512 bits for the RSA key require a temporary 512 bit RSA key, as typically the supplied key has a length of 1024 bit (see _S_S_L___C_T_X___s_e_t___t_m_p___r_s_a___c_a_l_l_b_a_c_k(3)). RSA ciphers using EDH need a certificate and key and additional DH-parameters (see _S_S_L___C_T_X___s_e_t___t_m_p___d_h___c_a_l_l_b_a_c_k(3)).
A DSA cipher can only be chosen, when a DSA certificate is available. DSA ciphers always use DH key exchange and therefore need DH-parameters (see _S_S_L___C_T_X___s_e_t___t_m_p___d_h___c_a_l_l_b_a_c_k(3)).
When these conditions are not met for any cipher in the list (e.g. a client only supports export RSA ciphers with a asymmetric key length of 512 bits and the server is not configured to use temporary RSA keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated and the handshake will fail.