SSL_CTX_NEW(3) | Library Functions Manual | SSL_CTX_NEW(3) |
SSL_CTX_new, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method — create a new SSL_CTX object as framework for TLS/SSL enabled functions
#include <openssl/ssl.h>

SSL_CTX *
SSL_CTX_new(const SSL_METHOD *method);

const SSL_METHOD *
TLS_method(void);

const SSL_METHOD *
TLS_server_method(void);

const SSL_METHOD *
TLS_client_method(void);

const SSL_METHOD *
SSLv23_method(void);

const SSL_METHOD *
SSLv23_server_method(void);

const SSL_METHOD *
SSLv23_client_method(void);

const SSL_METHOD *
TLSv1_method(void);

const SSL_METHOD *
TLSv1_server_method(void);

const SSL_METHOD *
TLSv1_client_method(void);

const SSL_METHOD *
TLSv1_1_method(void);

const SSL_METHOD *
TLSv1_1_server_method(void);

const SSL_METHOD *
TLSv1_1_client_method(void);

const SSL_METHOD *
TLSv1_2_method(void);

const SSL_METHOD *
TLSv1_2_server_method(void);

const SSL_METHOD *
TLSv1_2_client_method(void);

const SSL_METHOD *
DTLSv1_method(void);

const SSL_METHOD *
DTLSv1_server_method(void);

const SSL_METHOD *
DTLSv1_client_method(void);

SSL_CTX_new() creates a new SSL_CTX object as framework to establish TLS/SSL or DTLS enabled connections. It initializes the list of ciphers, the session cache setting, the callbacks, the keys and certificates, and the options to its default values.

The SSL_CTX object uses method as its connection method. The methods exist in a generic type (for client and server use), a server only type, and a client only type. method can be of the following types:

TLS_method(), TLS_server_method(), TLS_client_method()

SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
    TLS_method(), TLS_server_method(), and TLS_client_method(), respectively. New code should use those functions instead.

TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()

TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()

TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()

DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()

The list of protocols available can also be limited using the SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, and SSL_OP_NO_TLSv1_2 options of the SSL_CTX_set_options(3) or SSL_set_options(3) functions, but this approach is not recommended. Clients should avoid creating "holes" in the set of protocols they support. When disabling a protocol, make sure that you also disable either all previous or all subsequent protocol versions. In clients, when a protocol version is disabled without disabling all previous protocol versions, the effect is to also disable all subsequent protocol versions.

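
The rule above, modelled for a client as an added example (not part of this manual or of the library's code): it flags a set of disabled versions that leaves a hole and computes which versions the client still offers. The ex_ names and the bit values are constructed stand-ins for SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2, chosen so the block runs without the library.

```c
#include <stdio.h>
/* Constructed stand-in bits, oldest protocol first. Real code passes
 * SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 from
 * <openssl/ssl.h> to SSL_CTX_set_options(3); these values are not the library's. */
enum { EX_NO_TLSv1 = 1u << 0, EX_NO_TLSv1_1 = 1u << 1, EX_NO_TLSv1_2 = 1u << 2 };
#define EX_NVERSIONS 3u
static const char *const ex_names[EX_NVERSIONS] = { "TLSv1", "TLSv1.1", "TLSv1.2" };

/* Return 1 if an enabled version sits above a disabled one that itself
 * sits above an enabled one, i.e. the enabled set has a hole. */
int ex_has_hole(unsigned disabled)
{
	unsigned i, seen_enabled = 0, seen_gap = 0;
	for (i = 0; i < EX_NVERSIONS; i++) {
		int on = !(disabled & (1u << i));
		if (on && seen_gap)
			return 1;
		if (on)
			seen_enabled = 1;
		else if (seen_enabled)
			seen_gap = 1;
	}
	return 0;
}

/* Versions a client still offers under the rule quoted above: the lowest
 * enabled version plus its unbroken run of successors (bit i = version i). */
unsigned ex_client_effective(unsigned disabled)
{
	unsigned eff = 0, i = 0;
	while (i < EX_NVERSIONS && (disabled & (1u << i)))
		i++;
	for (; i < EX_NVERSIONS && !(disabled & (1u << i)); i++)
		eff |= 1u << i;
	return eff;
}

int main(void)
{
	unsigned mask, eff, i;
	for (mask = 0; mask < (1u << EX_NVERSIONS); mask++) {
		eff = ex_client_effective(mask);
		printf("disabled=0x%x hole=%d client offers:", mask, ex_has_hole(mask));
		for (i = 0; i < EX_NVERSIONS; i++)
			if (eff & (1u << i)) printf(" %s", ex_names[i]);
		printf("\n");
	}
	return 0;
}
```

The case worth noting is disabling only TLSv1.1: the client is left offering TLSv1 alone, not TLSv1 and TLSv1.2.
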
The following return values can occur:
NULL
ssl(3), SSL_accept(3), SSL_CTX_free(3), SSL_set_connect_state(3)
November 30, 2016 | OpenBSD-6.1 |