A file containing a list of certificates whose subject names will be sent
to the server in the B<certificate_authorities> extension. Only supported
-for TLS 1.3
+for TLS 1.3 and DTLS 1.3
=item B<-dane_tlsa_domain> I<domain>
SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to the method
used by B<c>. If there is no key exchange, then B<NID_undef> is returned.
-If any appropriate key exchange algorithm can be used (as in the case of TLS 1.3
+If any appropriate key exchange algorithm can be used (as in the case of (D)TLS 1.3
cipher suites) B<NID_kx_any> is returned. Examples (not comprehensive):
NID_kx_rsa
SSL_CIPHER_get_auth_nid() returns the authentication NID corresponding to the method
used by B<c>. If there is no authentication, then B<NID_undef> is returned.
If any appropriate authentication algorithm can be used (as in the case of
-TLS 1.3 cipher suites) B<NID_auth_any> is returned. Examples (not comprehensive):
+(D)TLS 1.3 cipher suites) B<NID_auth_any> is returned. Examples (not comprehensive):
NID_auth_rsa
NID_auth_ecdsa
This option indicates a file containing a set of certificates in PEM form.
The subject names of the certificates are sent to the peer in the
-B<certificate_authorities> extension for TLS 1.3 (in ClientHello or
+B<certificate_authorities> extension for (D)TLS 1.3 (in ClientHello or
CertificateRequest) or in a certificate request for previous versions or
TLS.
names set is never sent from client to server and the list of CA names retrieved
by SSL_get0_peer_CA_list() is always B<NULL>.
-For TLS 1.3 the list of CA names is sent using the B<certificate_authorities>
+For (D)TLS 1.3 the list of CA names is sent using the B<certificate_authorities>
extension and may be sent by a client (in the ClientHello message) or by
a server (when requesting a certificate).
signature algorithms for B<ctx> or B<ssl>. The B<str> parameter
must be a null terminated string consisting of a colon separated list of
elements, where each element is either a combination of a public key
-algorithm and a digest separated by B<+>, or a TLS 1.3-style named
+algorithm and a digest separated by B<+>, or a (D)TLS 1.3-style named
SignatureScheme such as rsa_pss_pss_sha256. If a list entry is preceded
with the C<?> character, it will be ignored if an implementation is missing.
example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and
the public key algorithm strings "RSA", "RSA-PSS", "DSA" or "ECDSA".
-The TLS 1.3 signature scheme names (such as "rsa_pss_pss_sha256") can also
+The (D)TLS 1.3 signature scheme names (such as "rsa_pss_pss_sha256") can also
be used with the B<_list> forms of the API.
The use of MD5 as a digest is strongly discouraged due to security weaknesses.
Currently supported versions are B<SSL3_VERSION>, B<TLS1_VERSION>,
B<TLS1_1_VERSION>, B<TLS1_2_VERSION>, B<TLS1_3_VERSION> for TLS and
-B<DTLS1_VERSION>, B<DTLS1_2_VERSION> for DTLS.
+B<DTLS1_VERSION>, B<DTLS1_2_VERSION>, B<DTLS1_3_VERSION> for DTLS.
In the current version of OpenSSL only QUICv1 is supported in conjunction with
TLSv1.3. Calling these functions on a QUIC object has no effect.
SSL_new_session_ticket() is used by a server application to request that a new
ticket be sent when it is safe to do so. New tickets are only allowed to be
sent in this manner after the initial handshake has completed, and only for
-TLS 1.3 connections. By default, the ticket generation and transmission are
+(D)TLS 1.3 connections. By default, the ticket generation and transmission are
delayed until the server is starting a new write operation, so that it is
bundled with other application data being written and properly aligned to a
record boundary. If the connection was at a record boundary when
handshake). This option is not needed for clients.
=item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1,
-SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
+SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3,
+SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2, SSL_OP_NO_DTLSv1_3
These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol
-versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS,
+versions with TLS or the DTLSv1, DTLSv1.2, DTLSv1.3 versions with DTLS,
respectively.
As of OpenSSL 1.1.0, these options are deprecated, use
L<SSL_CTX_set_min_proto_version(3)> and
signature algorithm, supported curves and in the case of client authentication
certificate types and issuer names.
-Since the supported signature algorithms extension is only used in TLS 1.2,
-TLS 1.3 and DTLS 1.2 the results for earlier versions of TLS and DTLS may not
+Since the supported signature algorithms extension is only used in (D)TLS 1.2
+and (D)TLS 1.3 the results for earlier versions of TLS and DTLS may not
be very useful. Applications may wish to specify a different "legacy" chain
for earlier versions of TLS or DTLS.
SSL_export_keying_material() derives keying material using
the F<exporter_master_secret> established in the handshake.
-SSL_export_keying_material_early() is only usable with TLSv1.3, and derives
+SSL_export_keying_material_early() is only usable with (D)TLSv1.3, and derives
keying material using the F<early_exporter_master_secret> (as defined in the
TLS 1.3 RFC). For the client, the F<early_exporter_master_secret> is only
available when the client attempts to send 0-RTT data. For the server, it is
request (for clients). They can (for example) be called in the certificate
callback.
-Only TLS 1.2, TLS 1.3 and DTLS 1.2 currently support signature algorithms.
+Only (D)TLS 1.2 and (D)TLS 1.3 currently support signature algorithms.
If these
functions are called on an earlier version of TLS or DTLS zero is returned.
The connection uses the DTLSv1.2 protocol
+=item DTLS1_3_VERSION
+
+The connection uses the DTLSv1.3 protocol
+
=item OSSL_QUIC1_VERSION
The connection uses the QUICv1 protocol.
projects / thirdparty / openssl.git / commitdiff
