]>
Commit | Line | Data |
---|---|---|
c19b6c92 RL |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
e12bee78 | 5 | SSL_CTX_set_ssl_version, SSL_CTX_get_ssl_method, SSL_set_ssl_method, SSL_get_ssl_method |
c19b6c92 RL |
6 | - choose a new TLS/SSL method |
7 | ||
8 | =head1 SYNOPSIS | |
9 | ||
10 | #include <openssl/ssl.h> | |
11 | ||
4ebb342f | 12 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); |
e12bee78 HL |
13 | const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); |
14 | ||
4ebb342f | 15 | int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); |
3499327b | 16 | const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); |
c19b6c92 RL |
17 | |
18 | =head1 DESCRIPTION | |
19 | ||
20 | SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects | |
dd0164e7 BK |
21 | newly created from this B<ctx>. Most of the configuration attached to the |
22 | SSL_CTX object is retained, with the exception of the configured TLS ciphers, | |
23 | which are reset to the default values. SSL objects already created from this | |
24 | SSL_CTX with L<SSL_new(3)> are not affected, except when L<SSL_clear(3)> is | |
25 | being called, as described below. | |
c19b6c92 | 26 | |
e12bee78 HL |
27 | SSL_CTX_get_ssl_method() returns the SSL_METHOD which was used to construct the |
28 | SSL_CTX. | |
29 | ||
c19b6c92 RL |
30 | SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl> |
31 | object. It may be reset, when SSL_clear() is called. | |
32 | ||
e12bee78 | 33 | SSL_get_ssl_method() returns a pointer to the TLS/SSL method |
c19b6c92 RL |
34 | set in B<ssl>. |
35 | ||
36 | =head1 NOTES | |
37 | ||
38 | The available B<method> choices are described in | |
9b86974e | 39 | L<SSL_CTX_new(3)>. |
c19b6c92 | 40 | |
9b86974e | 41 | When L<SSL_clear(3)> is called and no session is connected to |
b72ff470 LJ |
42 | an SSL object, the method of the SSL object is reset to the method currently |
43 | set in the corresponding SSL_CTX object. | |
c19b6c92 | 44 | |
dd0164e7 BK |
45 | SSL_CTX_set_version() has unusual semantics and no clear use case; |
46 | it would usually be preferable to create a new SSL_CTX object than to | |
47 | try to reuse an existing one in this fashion. Its usage is considered | |
48 | deprecated. | |
49 | ||
3ea30e76 | 50 | SSL_set_ssl_method() cannot be used to change a non-QUIC SSL object to a QUIC |
d6e7ebba HL |
51 | SSL object or vice versa, or change a QUIC SSL object from one QUIC method to |
52 | another. | |
3ea30e76 | 53 | |
c19b6c92 RL |
54 | =head1 RETURN VALUES |
55 | ||
56 | The following return values can occur for SSL_CTX_set_ssl_version() | |
57 | and SSL_set_ssl_method(): | |
58 | ||
59 | =over 4 | |
60 | ||
c8919dde | 61 | =item Z<>0 |
c19b6c92 RL |
62 | |
63 | The new choice failed, check the error stack to find out the reason. | |
64 | ||
c8919dde | 65 | =item Z<>1 |
c19b6c92 RL |
66 | |
67 | The operation succeeded. | |
68 | ||
69 | =back | |
70 | ||
e12bee78 HL |
71 | SSL_CTX_get_ssl_method() and SSL_get_ssl_method() always return non-NULL |
72 | pointers. | |
73 | ||
c19b6c92 RL |
74 | =head1 SEE ALSO |
75 | ||
9b86974e | 76 | L<SSL_CTX_new(3)>, L<SSL_new(3)>, |
b97fdb57 | 77 | L<SSL_clear(3)>, L<ssl(7)>, |
9b86974e | 78 | L<SSL_set_connect_state(3)> |
c19b6c92 | 79 | |
dd0164e7 BK |
80 | =head1 HISTORY |
81 | ||
82 | SSL_CTX_set_ssl_version() was deprecated in OpenSSL 3.0. | |
83 | ||
e2f92610 RS |
84 | =head1 COPYRIGHT |
85 | ||
da1c088f | 86 | Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 87 | |
4746f25a | 88 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
89 | this file except in compliance with the License. You can obtain a copy |
90 | in the file LICENSE in the source distribution or at | |
91 | L<https://www.openssl.org/source/license.html>. | |
92 | ||
93 | =cut |