[thirdparty/openssl.git] / doc / man3 / SSL_CTX_set_timeout.pod

=pod

=head1 NAME

SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
 long SSL_CTX_get_timeout(SSL_CTX *ctx);

=head1 DESCRIPTION

SSL_CTX_set_timeout() sets the timeout for newly created sessions for
B<ctx> to B<t>. The timeout value B<t> must be given in seconds.

SSL_CTX_get_timeout() returns the currently set timeout value for B<ctx>.

=head1 NOTES

Whenever a new session is created, it is assigned a maximum lifetime. This
lifetime is specified by storing the creation time of the session and the
timeout value valid at this time. If the actual time is later than creation
time plus timeout, the session is not reused.

Due to this realization, all sessions behave according to the timeout value
valid at the time of the session negotiation. Changes of the timeout value
do not affect already established sessions.

The expiration time of a single session can be modified using the
L<SSL_SESSION_get_time(3)> family of functions.

Expired sessions are removed from the internal session cache, whenever
L<SSL_CTX_flush_sessions(3)> is called, either
directly by the application or automatically (see
L<SSL_CTX_set_session_cache_mode(3)>)

The default value for session timeout is decided on a per protocol
basis, see L<SSL_get_default_timeout(3)>.
All currently supported protocols have the same default timeout value
of 300 seconds.

This timeout value is used as the ticket lifetime hint for stateless session
tickets. It is also used as the timeout value within the ticket itself.

For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
seconds).

For TLSv1.2, tickets generated during an initial handshake use the value
as specified. Tickets generated during a resumed handshake have a value
of 0 for the ticket lifetime hint.

=head1 RETURN VALUES

SSL_CTX_set_timeout() returns the previously set timeout value.

SSL_CTX_get_timeout() returns the currently set timeout value.

=head1 SEE ALSO

L<ssl(7)>,
L<SSL_CTX_set_session_cache_mode(3)>,
L<SSL_SESSION_get_time(3)>,
L<SSL_CTX_flush_sessions(3)>,
L<SSL_get_default_timeout(3)>

=head1 COPYRIGHT

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
0bc6597d LJ	1	=pod
	2
	3	=head1 NAME
	4
	5	SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching
	6
	7	=head1 SYNOPSIS
	8
	9	#include <openssl/ssl.h>
	10
	11	long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
	12	long SSL_CTX_get_timeout(SSL_CTX *ctx);
	13
	14	=head1 DESCRIPTION
	15
	16	SSL_CTX_set_timeout() sets the timeout for newly created sessions for
	17	B<ctx> to B<t>. The timeout value B<t> must be given in seconds.
	18
	19	SSL_CTX_get_timeout() returns the currently set timeout value for B<ctx>.
	20
	21	=head1 NOTES
	22
	23	Whenever a new session is created, it is assigned a maximum lifetime. This
	24	lifetime is specified by storing the creation time of the session and the
	25	timeout value valid at this time. If the actual time is later than creation
	26	time plus timeout, the session is not reused.
	27
	28	Due to this realization, all sessions behave according to the timeout value
	29	valid at the time of the session negotiation. Changes of the timeout value
	30	do not affect already established sessions.
	31
	32	The expiration time of a single session can be modified using the
9b86974e	33	L<SSL_SESSION_get_time(3)> family of functions.
0bc6597d LJ	34
0bc6597d LJ	35	Expired sessions are removed from the internal session cache, whenever
9b86974e	36	L<SSL_CTX_flush_sessions(3)> is called, either
0bc6597d	37	directly by the application or automatically (see
9b86974e	38	L<SSL_CTX_set_session_cache_mode(3)>)
0bc6597d	39
52129c0b	40	The default value for session timeout is decided on a per protocol
9b86974e	41	basis, see L<SSL_get_default_timeout(3)>.
52129c0b LJ	42	All currently supported protocols have the same default timeout value
52129c0b LJ	43	of 300 seconds.
0bc6597d	44
0089cc7f TS	45	This timeout value is used as the ticket lifetime hint for stateless session
	46	tickets. It is also used as the timeout value within the ticket itself.
	47
	48	For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
	49	seconds).
	50
	51	For TLSv1.2, tickets generated during an initial handshake use the value
	52	as specified. Tickets generated during a resumed handshake have a value
	53	of 0 for the ticket lifetime hint.
	54
0bc6597d LJ	55	=head1 RETURN VALUES
	56
	57	SSL_CTX_set_timeout() returns the previously set timeout value.
	58
	59	SSL_CTX_get_timeout() returns the currently set timeout value.
	60
	61	=head1 SEE ALSO
	62
b97fdb57	63	L<ssl(7)>,
9b86974e RS	64	L<SSL_CTX_set_session_cache_mode(3)>,
	65	L<SSL_SESSION_get_time(3)>,
	66	L<SSL_CTX_flush_sessions(3)>,
	67	L<SSL_get_default_timeout(3)>
0bc6597d	68
e2f92610 RS	69	=head1 COPYRIGHT
	70
	71	Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
	72
4746f25a	73	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	74	this file except in compliance with the License. You can obtain a copy
	75	in the file LICENSE in the source distribution or at
	76	L<https://www.openssl.org/source/license.html>.
	77
	78	=cut