=head1 NAME
-TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
-SSL_CTX_new, SSL_CTX_new_ex, SSL_CTX_up_ref, SSLv3_method,
-SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method,
-TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method,
-TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method,
-SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method,
-DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method,
-DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method,
-DTLSv1_2_client_method
+SSL_CTX_new, SSL_CTX_new_ex, SSL_CTX_up_ref, TLS_method, TLS_server_method,
+TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method,
+DTLS_method, DTLS_server_method, DTLS_client_method
- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled
functions
const SSL_METHOD *SSLv23_server_method(void);
const SSL_METHOD *SSLv23_client_method(void);
- #ifndef OPENSSL_NO_SSL3_METHOD
- const SSL_METHOD *SSLv3_method(void);
- const SSL_METHOD *SSLv3_server_method(void);
- const SSL_METHOD *SSLv3_client_method(void);
- #endif
-
- #ifndef OPENSSL_NO_TLS1_METHOD
- const SSL_METHOD *TLSv1_method(void);
- const SSL_METHOD *TLSv1_server_method(void);
- const SSL_METHOD *TLSv1_client_method(void);
- #endif
-
- #ifndef OPENSSL_NO_TLS1_1_METHOD
- const SSL_METHOD *TLSv1_1_method(void);
- const SSL_METHOD *TLSv1_1_server_method(void);
- const SSL_METHOD *TLSv1_1_client_method(void);
- #endif
-
- #ifndef OPENSSL_NO_TLS1_2_METHOD
- const SSL_METHOD *TLSv1_2_method(void);
- const SSL_METHOD *TLSv1_2_server_method(void);
- const SSL_METHOD *TLSv1_2_client_method(void);
- #endif
-
const SSL_METHOD *DTLS_method(void);
const SSL_METHOD *DTLS_server_method(void);
const SSL_METHOD *DTLS_client_method(void);
- #ifndef OPENSSL_NO_DTLS1_METHOD
- const SSL_METHOD *DTLSv1_method(void);
- const SSL_METHOD *DTLSv1_server_method(void);
- const SSL_METHOD *DTLSv1_client_method(void);
- #endif
-
- #ifndef OPENSSL_NO_DTLS1_2_METHOD
- const SSL_METHOD *DTLSv1_2_method(void);
- const SSL_METHOD *DTLSv1_2_server_method(void);
- const SSL_METHOD *DTLSv1_2_client_method(void);
- #endif
-
=head1 DESCRIPTION
SSL_CTX_new_ex() creates a new B<SSL_CTX> object, which holds various
=over 4
-=item TLS_method(), TLS_server_method(), TLS_client_method()
-
-These are the general-purpose I<version-flexible> SSL/TLS methods.
-The actual protocol version used will be negotiated to the highest version
-mutually supported by the client and the server.
-The supported protocols are TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
-Applications should use these methods, and avoid the version-specific
-methods described below, which are deprecated.
-
=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
These functions do not exist anymore, they have been renamed to
old function names still compiles. However, using the old function names
is deprecated and new code should call the new functions instead.
-=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
-
-A TLS/SSL connection established with these methods will only understand the
-TLSv1.2 protocol. These methods are deprecated.
-
-=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
-
-A TLS/SSL connection established with these methods will only understand the
-TLSv1.1 protocol. These methods are deprecated.
-
-=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
-
-A TLS/SSL connection established with these methods will only understand the
-TLSv1 protocol. These methods are deprecated.
-
-=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
+=item TLS_method(), TLS_server_method(), TLS_client_method()
-Starting in version 3.6 those functions always return NULL.
+These are the general-purpose I<version-flexible> SSL/TLS methods.
+The actual protocol version used will be negotiated to the highest version
+mutually supported by the client and the server.
+The supported protocols are TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
=item DTLS_method(), DTLS_server_method(), DTLS_client_method()
These are the version-flexible DTLS methods.
-Currently supported protocols are DTLS 1.0 and DTLS 1.2.
-
-=item DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()
-
-These are the version-specific methods for DTLSv1.2.
-These methods are deprecated.
-
-=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
-
-These are the version-specific methods for DTLSv1.
-These methods are deprecated.
+The supported protocols are DTLS 1.0 and DTLS 1.2.
=back
TLS_method(), TLS_server_method(), TLS_client_method(), DTLS_method(),
DTLS_server_method() and DTLS_client_method() are the I<version-flexible>
methods.
-All other methods only support one specific protocol version.
-Use the I<version-flexible> methods instead of the version specific methods.
If you want to limit the supported protocols for the version flexible
methods you can use L<SSL_CTX_set_min_proto_version(3)>,
SSL_CTX_new_ex() was added in OpenSSL 3.0.
+All version-specific methods were removed in OpenSSL 4.0.
+
=head1 COPYRIGHT
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
allocated memory at application exit. If clean report is desired, then
application must call OPENSSL_cleanup() explicitly before main() returns.
+=head3 Removal of fixed (D)TLS version method functions
+
+SSLv3_method(), SSLv3_server_method(), SSLv3_client_method(),
+TLSv1_method(), TLSv1_server_method(), TLSv1_client_method(),
+TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method(),
+TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method(),
+DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method(),
+DTLSv1_2_method(), DTLSv1_2_server_method() and DTLSv1_2_client_method()
+were deprecated in the OpenSSL 1.1.0 release.
+
+Migrating applications should use
+TLS_method(), TLS_server_method(), TLS_client_method(),
+TLS_method(), TLS_server_method(), TLS_client_method(),
+instead and set the version with the SSL_CTX_set_min_proto_version() and/or
+SSL_CTX_set_max_proto_version() api's.
+
=head3 Deprecation of EVP_MD_CTX_get0_md_data()
The function EVP_MD_CTX_get0_md_data() has been deprecated in 4.0. This function
return 0;
/* This only fuzzes the initial flow from the client so far. */
- ctx = SSL_CTX_new(SSLv23_method());
+ ctx = SSL_CTX_new(TLS_method());
if (ctx == NULL)
goto end;
return 0;
/* This only fuzzes the initial flow from the client so far. */
- ctx = SSL_CTX_new(SSLv23_method());
+ ctx = SSL_CTX_new(TLS_method());
OPENSSL_assert(ctx != NULL);
ret = SSL_CTX_set_min_proto_version(ctx, 0);
OPENSSL_assert(ret == 1);
__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-#ifndef OPENSSL_NO_DEPRECATED_1_1_0
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_server_method(void);
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_client_method(void);
-#endif
-#endif
-
#define SSLv23_method TLS_method
#define SSLv23_server_method TLS_server_method
#define SSLv23_client_method TLS_client_method
__owur const SSL_METHOD *TLS_server_method(void);
__owur const SSL_METHOD *TLS_client_method(void);
-#ifndef OPENSSL_NO_TLS1_METHOD
-#ifndef OPENSSL_NO_DEPRECATED_1_1_0
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_server_method(void);
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_client_method(void);
-#endif
-#endif
-
-#ifndef OPENSSL_NO_TLS1_1_METHOD
-#ifndef OPENSSL_NO_DEPRECATED_1_1_0
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_server_method(void);
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_client_method(void);
-#endif
-#endif
-
-#ifndef OPENSSL_NO_TLS1_2_METHOD
-#ifndef OPENSSL_NO_DEPRECATED_1_1_0
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_server_method(void);
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_client_method(void);
-#endif
-#endif
-
-#ifndef OPENSSL_NO_DTLS1_METHOD
-#ifndef OPENSSL_NO_DEPRECATED_1_1_0
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_server_method(void);
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_client_method(void);
-#endif
-#endif
-
-#ifndef OPENSSL_NO_DTLS1_2_METHOD
-/* DTLSv1.2 */
-#ifndef OPENSSL_NO_DEPRECATED_1_1_0
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_method(void);
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_server_method(void);
-OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_client_method(void);
-#endif
-#endif
-
__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
DTLS_client_method,
ssl_undefined_function,
ossl_statem_connect, DTLSv1_2_enc_data)
-#ifndef OPENSSL_NO_DEPRECATED_1_1_0
-#ifndef OPENSSL_NO_TLS1_2_METHOD
-const SSL_METHOD *TLSv1_2_method(void)
-{
- return tlsv1_2_method();
-}
-
-const SSL_METHOD *TLSv1_2_server_method(void)
-{
- return tlsv1_2_server_method();
-}
-
-const SSL_METHOD *TLSv1_2_client_method(void)
-{
- return tlsv1_2_client_method();
-}
-#endif
-
-#ifndef OPENSSL_NO_TLS1_1_METHOD
-const SSL_METHOD *TLSv1_1_method(void)
-{
- return tlsv1_1_method();
-}
-
-const SSL_METHOD *TLSv1_1_server_method(void)
-{
- return tlsv1_1_server_method();
-}
-
-const SSL_METHOD *TLSv1_1_client_method(void)
-{
- return tlsv1_1_client_method();
-}
-#endif
-
-#ifndef OPENSSL_NO_TLS1_METHOD
-const SSL_METHOD *TLSv1_method(void)
-{
- return tlsv1_method();
-}
-
-const SSL_METHOD *TLSv1_server_method(void)
-{
- return tlsv1_server_method();
-}
-
-const SSL_METHOD *TLSv1_client_method(void)
-{
- return tlsv1_client_method();
-}
-#endif
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-const SSL_METHOD *SSLv3_method(void)
-{
- return NULL;
-}
-
-const SSL_METHOD *SSLv3_server_method(void)
-{
- return NULL;
-}
-
-const SSL_METHOD *SSLv3_client_method(void)
-{
- return NULL;
-}
-#endif
-
-#ifndef OPENSSL_NO_DTLS1_2_METHOD
-const SSL_METHOD *DTLSv1_2_method(void)
-{
- return dtlsv1_2_method();
-}
-
-const SSL_METHOD *DTLSv1_2_server_method(void)
-{
- return dtlsv1_2_server_method();
-}
-
-const SSL_METHOD *DTLSv1_2_client_method(void)
-{
- return dtlsv1_2_client_method();
-}
-#endif
-
-#ifndef OPENSSL_NO_DTLS1_METHOD
-const SSL_METHOD *DTLSv1_method(void)
-{
- return dtlsv1_method();
-}
-
-const SSL_METHOD *DTLSv1_server_method(void)
-{
- return dtlsv1_server_method();
-}
-
-const SSL_METHOD *DTLSv1_client_method(void)
-{
- return dtlsv1_client_method();
-}
-#endif
-
-#endif
SSL_get_version ? 4_0_0 EXIST::FUNCTION:
SSL_get_handshake_rtt ? 4_0_0 EXIST::FUNCTION:
SSL_CTX_set_ssl_version ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-SSLv3_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
-SSLv3_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
-SSLv3_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
TLS_method ? 4_0_0 EXIST::FUNCTION:
TLS_server_method ? 4_0_0 EXIST::FUNCTION:
TLS_client_method ? 4_0_0 EXIST::FUNCTION:
-TLSv1_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
-TLSv1_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
-TLSv1_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
-TLSv1_1_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
-TLSv1_1_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
-TLSv1_1_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
-TLSv1_2_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
-TLSv1_2_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
-TLSv1_2_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
-DTLSv1_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
-DTLSv1_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
-DTLSv1_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
-DTLSv1_2_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
-DTLSv1_2_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
-DTLSv1_2_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
DTLS_method ? 4_0_0 EXIST::FUNCTION:
DTLS_server_method ? 4_0_0 EXIST::FUNCTION:
DTLS_client_method ? 4_0_0 EXIST::FUNCTION:
projects / thirdparty / openssl.git / commitdiff
