SSL_CTX_NEW(3) | Library Functions Manual | SSL_CTX_NEW(3) |
NAME
     SSL_CTX_new, SSL_CTX_up_ref, TLS_method, TLS_server_method,
     TLS_client_method, SSLv23_method, SSLv23_server_method,
     SSLv23_client_method, TLSv1_method, TLSv1_server_method,
     TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method,
     TLSv1_1_client_method, TLSv1_2_method, TLSv1_2_server_method,
     TLSv1_2_client_method, DTLS_method, DTLS_server_method,
     DTLS_client_method, DTLSv1_method, DTLSv1_server_method,
     DTLSv1_client_method — create a new SSL_CTX object as framework for
     TLS/SSL enabled functions
SYNOPSIS
     #include <openssl/ssl.h>

     SSL_CTX *
     SSL_CTX_new(const SSL_METHOD *method);

     int
     SSL_CTX_up_ref(SSL_CTX *ctx);

     const SSL_METHOD *
     TLS_method(void);

     const SSL_METHOD *
     TLS_server_method(void);

     const SSL_METHOD *
     TLS_client_method(void);

     const SSL_METHOD *
     SSLv23_method(void);

     const SSL_METHOD *
     SSLv23_server_method(void);

     const SSL_METHOD *
     SSLv23_client_method(void);

     const SSL_METHOD *
     TLSv1_method(void);

     const SSL_METHOD *
     TLSv1_server_method(void);

     const SSL_METHOD *
     TLSv1_client_method(void);

     const SSL_METHOD *
     TLSv1_1_method(void);

     const SSL_METHOD *
     TLSv1_1_server_method(void);

     const SSL_METHOD *
     TLSv1_1_client_method(void);

     const SSL_METHOD *
     TLSv1_2_method(void);

     const SSL_METHOD *
     TLSv1_2_server_method(void);

     const SSL_METHOD *
     TLSv1_2_client_method(void);

     const SSL_METHOD *
     DTLS_method(void);

     const SSL_METHOD *
     DTLS_server_method(void);

     const SSL_METHOD *
     DTLS_client_method(void);

     const SSL_METHOD *
     DTLSv1_method(void);

     const SSL_METHOD *
     DTLSv1_server_method(void);

     const SSL_METHOD *
     DTLSv1_client_method(void);
DESCRIPTION
     SSL_CTX_new() creates a new SSL_CTX object as a framework for
     establishing TLS/SSL or DTLS enabled connections. It initializes the
     list of ciphers, the session cache setting, the callbacks, the keys and
     certificates, and the options to their default values. Those defaults
     are a starting point rather than a hardened configuration: in
     particular, the peer verification mode starts as SSL_VERIFY_NONE, so a
     client that never calls SSL_CTX_set_verify(3) completes a handshake
     with whatever certificate the server presents.

     An SSL_CTX object is reference counted. Creating a new SSL_CTX object
     sets its reference count to 1. Calling SSL_CTX_up_ref() on it
     increments the reference count by 1. Calling SSL_CTX_free(3) on it
     decrements the reference count by 1. When the reference count drops to
     zero, any memory or resources allocated to the SSL_CTX object are
     freed. Every owner of the object, including each SSL object created
     from it with SSL_new(3), holds its own reference and releases it with a
     matching SSL_CTX_free(3) (or SSL_free(3)); calling SSL_CTX_free(3) for
     a reference that was never taken frees the object from under the
     remaining owners.
     The SSL_CTX object uses method as its connection method. The methods
     exist in a generic type (for client and server use), a server only
     type, and a client only type. method can be of the following types:

     TLS_method(), TLS_server_method(), TLS_client_method()
             The general-purpose, version-flexible TLS methods. The protocol
             version actually used is negotiated to the highest version that
             both peers support; the acceptable range can be narrowed with
             SSL_CTX_set_min_proto_version(3).

     SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
             Deprecated. They have been replaced with TLS_method(),
             TLS_server_method(), and TLS_client_method(), respectively. New
             code should use those functions instead. Despite the name, they
             do not enable SSLv2 or SSLv3.

     TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
             Version-specific methods: a connection established with these
             only understands the TLSv1 protocol.

     TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
             Version-specific methods that only understand TLSv1.1.

     TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
             Version-specific methods that only understand TLSv1.2.

     DTLS_method(), DTLS_server_method(), DTLS_client_method()
             The version-flexible DTLS methods, the datagram counterpart of
             TLS_method().

     DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
             Version-specific methods that only understand DTLSv1.

     Pinning a single version with one of the version-specific methods also
     prevents the peer from ever negotiating a newer one; a version-flexible
     method combined with a minimum version is the more maintainable choice.

     The list of protocols available can also be limited using the
     SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, and SSL_OP_NO_TLSv1_2 options of
     the SSL_CTX_set_options(3) or SSL_set_options(3) functions, but this
     approach is not recommended. Clients should avoid creating "holes" in
     the set of protocols they support. When disabling a protocol, make sure
     that you also disable either all previous or all subsequent protocol
     versions. In clients, when a protocol version is disabled without
     disabling all previous protocol versions, the effect is to also disable
     all subsequent protocol versions: a client that sets SSL_OP_NO_TLSv1_1
     alone, for instance, ends up offering nothing newer than TLSv1.
     SSL_CTX_set_min_proto_version(3) and SSL_CTX_set_max_proto_version(3)
     express the same intent as a contiguous range and cannot produce such a
     hole.
RETURN VALUES
     SSL_CTX_new() returns a pointer to the newly allocated object or NULL
     on failure. Check the error stack to find out the reason for failure.

     SSL_CTX_up_ref() returns 1 for success or 0 for failure.
SEE ALSO
     ssl(3), SSL_accept(3), SSL_CTX_free(3),
     SSL_CTX_set_min_proto_version(3), SSL_CTX_set_options(3),
     SSL_set_connect_state(3)
HISTORY
     SSL_CTX_new() first appeared in SSLeay 0.5.1. SSLv23_method(),
     SSLv23_server_method(), and SSLv23_client_method() first appeared in
     SSLeay 0.8.0. TLSv1_method(), TLSv1_server_method(), and
     TLSv1_client_method() first appeared in SSLeay 0.9.0. All these
     functions have been available since OpenBSD 2.4.

     DTLSv1_method(), DTLSv1_server_method(), and DTLSv1_client_method()
     first appeared in OpenSSL 0.9.8 and have been available since
     OpenBSD 4.5.

     TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method(),
     TLSv1_2_method(), TLSv1_2_server_method(), and TLSv1_2_client_method()
     first appeared in OpenSSL 1.0.1 and have been available since
     OpenBSD 5.3.

     DTLS_method(), DTLS_server_method(), and DTLS_client_method() first
     appeared in OpenSSL 1.0.2 and have been available since OpenBSD 6.5.

     TLS_method(), TLS_server_method(), and TLS_client_method() first
     appeared in OpenSSL 1.1.0 and have been available since OpenBSD 5.8.

     SSL_CTX_up_ref() first appeared in OpenSSL 1.1.0 and has been
     available since OpenBSD 6.3.
March 18, 2019 | OpenBSD-current |