OpenBSD manual page server

NAME

SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version — set minimum and maximum supported protocol version

SYNOPSIS

#include <openssl/ssl.h>

int
SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version);

int
SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version);

int
SSL_set_min_proto_version(SSL *ssl, uint16_t version);

int
SSL_set_max_proto_version(SSL *ssl, uint16_t version);

DESCRIPTION

These functions set the minimum and maximum supported protocol versions for ctx or ssl. This works in combination with the options set via SSL_CTX_set_options(3) that also make it possible to disable specific protocol versions. Use these functions instead of disabling specific protocol versions.

Setting the minimum or maximum version to 0 will enable protocol versions down to the lowest or up to the highest version supported by the library, respectively.

Currently supported versions are TLS1_VERSION, TLS1_1_VERSION, and TLS1_2_VERSION for TLS and DTLS1_VERSION for DTLS.

RETURN VALUES

These functions return 1 on success or 0 on failure.

SEE ALSO

ssl(3), SSL_CTX_new(3), SSL_CTX_set_options(3)

HISTORY

These functions first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 6.2.