[OpenBSD]

Manual Page Search Parameters

SSL_CTX_SET_MIN_PROTO_VERSION(3) Library Functions Manual SSL_CTX_SET_MIN_PROTO_VERSION(3)

SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version, SSL_get_min_proto_version, SSL_get_max_proto_versionget and set minimum and maximum supported protocol version

#include <openssl/ssl.h>
int
SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version);
int
SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version);
int
SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
int
SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
int
SSL_set_min_proto_version(SSL *ssl, uint16_t version);
int
SSL_set_max_proto_version(SSL *ssl, uint16_t version);
int
SSL_get_min_proto_version(SSL *ssl);
int
SSL_get_max_proto_version(SSL *ssl);

These functions get or set the minimum and maximum supported protocol versions for ctx or ssl. This works in combination with the options set via SSL_CTX_set_options(3) that also make it possible to disable specific protocol versions. Use these functions instead of disabling specific protocol versions.
Setting the minimum or maximum version to 0 will enable protocol versions down to the lowest or up to the highest version supported by the library, respectively.
Currently supported versions are TLS1_VERSION, TLS1_1_VERSION, and TLS1_2_VERSION for TLS and DTLS1_VERSION for DTLS.
In other implementations, these functions may be implemented as macros.

The setter functions return 1 on success or 0 on failure.
The getter functions return the configured version or 0 if ctx or ssl has been configured to automatically use the lowest or highest version supported by the library.

ssl(3), SSL_CTX_new(3), SSL_CTX_set_options(3)

The setter functions first appeared in BoringSSL in December 2014, with shorter names without the proto_ part. Two years later, OpenSSL included them in their 1.1.0 release, gratuitiously changing the names; Google shrugged and adopted the longer names one month later. They have been available since OpenBSD 6.2.
The getter functions first appeared in OpenSSL 1.1.0g and have been available since OpenBSD 6.3.
March 24, 2018 OpenBSD-current