[thirdparty/openssl.git] / doc / man3 / SSL_CTX_set_ssl_version.pod

=pod

=head1 NAME

SSL_CTX_set_ssl_version, SSL_CTX_get_ssl_method, SSL_set_ssl_method, SSL_get_ssl_method
- choose a new TLS/SSL method

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
 const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);

 int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
 const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl);

=head1 DESCRIPTION

SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects
newly created from this B<ctx>.  Most of the configuration attached to the
SSL_CTX object is retained, with the exception of the configured TLS ciphers,
which are reset to the default values.  SSL objects already created from this
SSL_CTX with L<SSL_new(3)> are not affected, except when L<SSL_clear(3)> is
being called, as described below.

SSL_CTX_get_ssl_method() returns the SSL_METHOD which was used to construct the
SSL_CTX.

SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>
object. It may be reset, when SSL_clear() is called.

SSL_get_ssl_method() returns a pointer to the TLS/SSL method
set in B<ssl>.

=head1 NOTES

The available B<method> choices are described in
L<SSL_CTX_new(3)>.

When L<SSL_clear(3)> is called and no session is connected to
an SSL object, the method of the SSL object is reset to the method currently
set in the corresponding SSL_CTX object.

SSL_CTX_set_version() has unusual semantics and no clear use case;
it would usually be preferable to create a new SSL_CTX object than to
try to reuse an existing one in this fashion.  Its usage is considered
deprecated.

SSL_set_ssl_method() cannot be used to change a non-QUIC SSL object to a QUIC
SSL object or vice versa, or change a QUIC SSL object from one QUIC method to
another.

=head1 RETURN VALUES

The following return values can occur for SSL_CTX_set_ssl_version()
and SSL_set_ssl_method():

=over 4

=item Z<>0

The new choice failed, check the error stack to find out the reason.

=item Z<>1

The operation succeeded.

=back

SSL_CTX_get_ssl_method() and SSL_get_ssl_method() always return non-NULL
pointers.

=head1 SEE ALSO

L<SSL_CTX_new(3)>, L<SSL_new(3)>,
L<SSL_clear(3)>, L<ssl(7)>,
L<SSL_set_connect_state(3)>

=head1 HISTORY

SSL_CTX_set_ssl_version() was deprecated in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
c19b6c92 RL	1	=pod
	2
	3	=head1 NAME
	4
e12bee78	5	SSL_CTX_set_ssl_version, SSL_CTX_get_ssl_method, SSL_set_ssl_method, SSL_get_ssl_method
c19b6c92 RL	6	- choose a new TLS/SSL method
	7
	8	=head1 SYNOPSIS
	9
	10	#include <openssl/ssl.h>
	11
4ebb342f	12	int SSL_CTX_set_ssl_version(SSL_CTX ctx, const SSL_METHOD method);
e12bee78 HL	13	const SSL_METHOD SSL_CTX_get_ssl_method(const SSL_CTX ctx);
e12bee78 HL	14
4ebb342f	15	int SSL_set_ssl_method(SSL s, const SSL_METHOD method);
3499327b	16	const SSL_METHOD SSL_get_ssl_method(const SSL ssl);
c19b6c92 RL	17
	18	=head1 DESCRIPTION
	19
	20	SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects
dd0164e7 BK	21	newly created from this B<ctx>. Most of the configuration attached to the
	22	SSL_CTX object is retained, with the exception of the configured TLS ciphers,
	23	which are reset to the default values. SSL objects already created from this
	24	SSL_CTX with L<SSL_new(3)> are not affected, except when L<SSL_clear(3)> is
	25	being called, as described below.
c19b6c92	26
e12bee78 HL	27	SSL_CTX_get_ssl_method() returns the SSL_METHOD which was used to construct the
	28	SSL_CTX.
	29
c19b6c92 RL	30	SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>
	31	object. It may be reset, when SSL_clear() is called.
	32
e12bee78	33	SSL_get_ssl_method() returns a pointer to the TLS/SSL method
c19b6c92 RL	34	set in B<ssl>.
	35
	36	=head1 NOTES
	37
	38	The available B<method> choices are described in
9b86974e	39	L<SSL_CTX_new(3)>.
c19b6c92	40
9b86974e	41	When L<SSL_clear(3)> is called and no session is connected to
b72ff470 LJ	42	an SSL object, the method of the SSL object is reset to the method currently
b72ff470 LJ	43	set in the corresponding SSL_CTX object.
c19b6c92	44
dd0164e7 BK	45	SSL_CTX_set_version() has unusual semantics and no clear use case;
	46	it would usually be preferable to create a new SSL_CTX object than to
	47	try to reuse an existing one in this fashion. Its usage is considered
	48	deprecated.
	49
3ea30e76	50	SSL_set_ssl_method() cannot be used to change a non-QUIC SSL object to a QUIC
d6e7ebba HL	51	SSL object or vice versa, or change a QUIC SSL object from one QUIC method to
d6e7ebba HL	52	another.
3ea30e76	53
c19b6c92 RL	54	=head1 RETURN VALUES
	55
	56	The following return values can occur for SSL_CTX_set_ssl_version()
	57	and SSL_set_ssl_method():
	58
	59	=over 4
	60
c8919dde	61	=item Z<>0
c19b6c92 RL	62
	63	The new choice failed, check the error stack to find out the reason.
	64
c8919dde	65	=item Z<>1
c19b6c92 RL	66
	67	The operation succeeded.
	68
	69	=back
	70
e12bee78 HL	71	SSL_CTX_get_ssl_method() and SSL_get_ssl_method() always return non-NULL
	72	pointers.
	73
c19b6c92 RL	74	=head1 SEE ALSO
c19b6c92 RL	75
9b86974e	76	L<SSL_CTX_new(3)>, L<SSL_new(3)>,
b97fdb57	77	L<SSL_clear(3)>, L<ssl(7)>,
9b86974e	78	L<SSL_set_connect_state(3)>
c19b6c92	79
dd0164e7 BK	80	=head1 HISTORY
	81
	82	SSL_CTX_set_ssl_version() was deprecated in OpenSSL 3.0.
	83
e2f92610 RS	84	=head1 COPYRIGHT
e2f92610 RS	85
da1c088f	86	Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	87
4746f25a	88	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	89	this file except in compliance with the License. You can obtain a copy
	90	in the file LICENSE in the source distribution or at
	91	L<https://www.openssl.org/source/license.html>.
	92
	93	=cut