SSL_CONF_cmd.pod revision 296279
1289848Sjkim=pod 2289848Sjkim 3289848Sjkim=head1 NAME 4289848Sjkim 5289848SjkimSSL_CONF_cmd - send configuration command 6289848Sjkim 7289848Sjkim=head1 SYNOPSIS 8289848Sjkim 9289848Sjkim #include <openssl/ssl.h> 10289848Sjkim 11289848Sjkim int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); 12289848Sjkim int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); 13289848Sjkim int SSL_CONF_finish(SSL_CONF_CTX *cctx); 14289848Sjkim 15289848Sjkim=head1 DESCRIPTION 16289848Sjkim 17289848SjkimThe function SSL_CONF_cmd() performs configuration operation B<cmd> with 18289848Sjkimoptional parameter B<value> on B<ctx>. Its purpose is to simplify application 19289848Sjkimconfiguration of B<SSL_CTX> or B<SSL> structures by providing a common 20289848Sjkimframework for command line options or configuration files. 21289848Sjkim 22289848SjkimSSL_CONF_cmd_value_type() returns the type of value that B<cmd> refers to. 23289848Sjkim 24289848SjkimThe function SSL_CONF_finish() must be called after all configuration 25289848Sjkimoperations have been completed. It is used to finalise any operations 26289848Sjkimor to process defaults. 27289848Sjkim 28289848Sjkim=head1 SUPPORTED COMMAND LINE COMMANDS 29289848Sjkim 30289848SjkimCurrently supported B<cmd> names for command lines (i.e. when the 31289848Sjkimflag B<SSL_CONF_CMDLINE> is set) are listed below. Note: all B<cmd> names 32289848Sjkimare case sensitive. Unless otherwise stated commands can be used by 33289848Sjkimboth clients and servers and the B<value> parameter is not used. The default 34289848Sjkimprefix for command line commands is B<-> and that is reflected below. 35289848Sjkim 36289848Sjkim=over 4 37289848Sjkim 38289848Sjkim=item B<-sigalgs> 39289848Sjkim 40289848SjkimThis sets the supported signature algorithms for TLS v1.2. For clients this 41289848Sjkimvalue is used directly for the supported signature algorithms extension. For 42289848Sjkimservers it is used to determine which signature algorithms to support. 43289848Sjkim 44289848SjkimThe B<value> argument should be a colon separated list of signature algorithms 45289848Sjkimin order of decreasing preference of the form B<algorithm+hash>. B<algorithm> 46289848Sjkimis one of B<RSA>, B<DSA> or B<ECDSA> and B<hash> is a supported algorithm 47289848SjkimOID short name such as B<SHA1>, B<SHA224>, B<SHA256>, B<SHA384> of B<SHA512>. 48289848SjkimNote: algorithm and hash names are case sensitive. 49289848Sjkim 50289848SjkimIf this option is not set then all signature algorithms supported by the 51289848SjkimOpenSSL library are permissible. 52289848Sjkim 53289848Sjkim=item B<-client_sigalgs> 54289848Sjkim 55289848SjkimThis sets the supported signature algorithms associated with client 56289848Sjkimauthentication for TLS v1.2. For servers the value is used in the supported 57289848Sjkimsignature algorithms field of a certificate request. For clients it is 58289848Sjkimused to determine which signature algorithm to with the client certificate. 59289848SjkimIf a server does not request a certificate this option has no effect. 60289848Sjkim 61289848SjkimThe syntax of B<value> is identical to B<-sigalgs>. If not set then 62289848Sjkimthe value set for B<-sigalgs> will be used instead. 63289848Sjkim 64289848Sjkim=item B<-curves> 65289848Sjkim 66289848SjkimThis sets the supported elliptic curves. For clients the curves are 67289848Sjkimsent using the supported curves extension. For servers it is used 68289848Sjkimto determine which curve to use. This setting affects curves used for both 69289848Sjkimsignatures and key exchange, if applicable. 70289848Sjkim 71289848SjkimThe B<value> argument is a colon separated list of curves. The curve can be 72289848Sjkimeither the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g 73289848SjkimB<prime256v1>). Curve names are case sensitive. 74289848Sjkim 75289848Sjkim=item B<-named_curve> 76289848Sjkim 77296279SjkimThis sets the temporary curve used for ephemeral ECDH modes. Only used by 78289848Sjkimservers 79289848Sjkim 80289848SjkimThe B<value> argument is a curve name or the special value B<auto> which 81289848Sjkimpicks an appropriate curve based on client and server preferences. The curve 82289848Sjkimcan be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name 83289848Sjkim(e.g B<prime256v1>). Curve names are case sensitive. 84289848Sjkim 85289848Sjkim=item B<-cipher> 86289848Sjkim 87289848SjkimSets the cipher suite list to B<value>. Note: syntax checking of B<value> is 88296279Sjkimcurrently not performed unless a B<SSL> or B<SSL_CTX> structure is 89289848Sjkimassociated with B<cctx>. 90289848Sjkim 91289848Sjkim=item B<-cert> 92289848Sjkim 93289848SjkimAttempts to use the file B<value> as the certificate for the appropriate 94289848Sjkimcontext. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX> 95289848Sjkimstructure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL> 96289848Sjkimstructure is set. This option is only supported if certificate operations 97289848Sjkimare permitted. 98289848Sjkim 99289848Sjkim=item B<-key> 100289848Sjkim 101289848SjkimAttempts to use the file B<value> as the private key for the appropriate 102289848Sjkimcontext. This option is only supported if certificate operations 103289848Sjkimare permitted. Note: if no B<-key> option is set then a private key is 104289848Sjkimnot loaded: it does not currently use the B<-cert> file. 105289848Sjkim 106289848Sjkim=item B<-dhparam> 107289848Sjkim 108289848SjkimAttempts to use the file B<value> as the set of temporary DH parameters for 109289848Sjkimthe appropriate context. This option is only supported if certificate 110289848Sjkimoperations are permitted. 111289848Sjkim 112289848Sjkim=item B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> 113289848Sjkim 114296279SjkimDisables protocol support for SSLv2, SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 115296279Sjkimby setting the corresponding options B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>, 116296279SjkimB<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> respectively. 117289848Sjkim 118289848Sjkim=item B<-bugs> 119289848Sjkim 120289848SjkimVarious bug workarounds are set, same as setting B<SSL_OP_ALL>. 121289848Sjkim 122289848Sjkim=item B<-no_comp> 123289848Sjkim 124289848SjkimDisables support for SSL/TLS compression, same as setting B<SSL_OP_NO_COMPRESS>. 125289848Sjkim 126289848Sjkim=item B<-no_ticket> 127289848Sjkim 128289848SjkimDisables support for session tickets, same as setting B<SSL_OP_NO_TICKET>. 129289848Sjkim 130289848Sjkim=item B<-serverpref> 131289848Sjkim 132289848SjkimUse server and not client preference order when determining which cipher suite, 133289848Sjkimsignature algorithm or elliptic curve to use for an incoming connection. 134289848SjkimEquivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers. 135289848Sjkim 136289848Sjkim=item B<-no_resumption_on_reneg> 137289848Sjkim 138289848Sjkimset SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers. 139289848Sjkim 140289848Sjkim=item B<-legacyrenegotiation> 141289848Sjkim 142289848Sjkimpermits the use of unsafe legacy renegotiation. Equivalent to setting 143289848SjkimB<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>. 144289848Sjkim 145289848Sjkim=item B<-legacy_server_connect>, B<-no_legacy_server_connect> 146289848Sjkim 147289848Sjkimpermits or prohibits the use of unsafe legacy renegotiation for OpenSSL 148289848Sjkimclients only. Equivalent to setting or clearing B<SSL_OP_LEGACY_SERVER_CONNECT>. 149289848SjkimSet by default. 150289848Sjkim 151289848Sjkim=item B<-strict> 152289848Sjkim 153289848Sjkimenables strict mode protocol handling. Equivalent to setting 154289848SjkimB<SSL_CERT_FLAG_TLS_STRICT>. 155289848Sjkim 156289848Sjkim=item B<-debug_broken_protocol> 157289848Sjkim 158289848Sjkimdisables various checks and permits several kinds of broken protocol behaviour 159289848Sjkimfor testing purposes: it should B<NEVER> be used in anything other than a test 160289848Sjkimenvironment. Only supported if OpenSSL is configured with 161289848SjkimB<-DOPENSSL_SSL_DEBUG_BROKEN_PROTOCOL>. 162289848Sjkim 163289848Sjkim=back 164289848Sjkim 165289848Sjkim=head1 SUPPORTED CONFIGURATION FILE COMMANDS 166289848Sjkim 167289848SjkimCurrently supported B<cmd> names for configuration files (i.e. when the 168289848Sjkimflag B<SSL_CONF_FLAG_FILE> is set) are listed below. All configuration file 169289848SjkimB<cmd> names and are case insensitive so B<signaturealgorithms> is recognised 170289848Sjkimas well as B<SignatureAlgorithms>. Unless otherwise stated the B<value> names 171289848Sjkimare also case insensitive. 172289848Sjkim 173289848SjkimNote: the command prefix (if set) alters the recognised B<cmd> values. 174289848Sjkim 175289848Sjkim=over 4 176289848Sjkim 177289848Sjkim=item B<CipherString> 178289848Sjkim 179289848SjkimSets the cipher suite list to B<value>. Note: syntax checking of B<value> is 180296279Sjkimcurrently not performed unless an B<SSL> or B<SSL_CTX> structure is 181289848Sjkimassociated with B<cctx>. 182289848Sjkim 183289848Sjkim=item B<Certificate> 184289848Sjkim 185289848SjkimAttempts to use the file B<value> as the certificate for the appropriate 186289848Sjkimcontext. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX> 187289848Sjkimstructure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL> 188289848Sjkimstructure is set. This option is only supported if certificate operations 189289848Sjkimare permitted. 190289848Sjkim 191289848Sjkim=item B<PrivateKey> 192289848Sjkim 193289848SjkimAttempts to use the file B<value> as the private key for the appropriate 194289848Sjkimcontext. This option is only supported if certificate operations 195289848Sjkimare permitted. Note: if no B<-key> option is set then a private key is 196289848Sjkimnot loaded: it does not currently use the B<Certificate> file. 197289848Sjkim 198289848Sjkim=item B<ServerInfoFile> 199289848Sjkim 200289848SjkimAttempts to use the file B<value> in the "serverinfo" extension using the 201289848Sjkimfunction SSL_CTX_use_serverinfo_file. 202289848Sjkim 203289848Sjkim=item B<DHParameters> 204289848Sjkim 205289848SjkimAttempts to use the file B<value> as the set of temporary DH parameters for 206289848Sjkimthe appropriate context. This option is only supported if certificate 207289848Sjkimoperations are permitted. 208289848Sjkim 209289848Sjkim=item B<SignatureAlgorithms> 210289848Sjkim 211289848SjkimThis sets the supported signature algorithms for TLS v1.2. For clients this 212289848Sjkimvalue is used directly for the supported signature algorithms extension. For 213289848Sjkimservers it is used to determine which signature algorithms to support. 214289848Sjkim 215289848SjkimThe B<value> argument should be a colon separated list of signature algorithms 216289848Sjkimin order of decreasing preference of the form B<algorithm+hash>. B<algorithm> 217289848Sjkimis one of B<RSA>, B<DSA> or B<ECDSA> and B<hash> is a supported algorithm 218289848SjkimOID short name such as B<SHA1>, B<SHA224>, B<SHA256>, B<SHA384> of B<SHA512>. 219289848SjkimNote: algorithm and hash names are case sensitive. 220289848Sjkim 221289848SjkimIf this option is not set then all signature algorithms supported by the 222289848SjkimOpenSSL library are permissible. 223289848Sjkim 224289848Sjkim=item B<ClientSignatureAlgorithms> 225289848Sjkim 226289848SjkimThis sets the supported signature algorithms associated with client 227289848Sjkimauthentication for TLS v1.2. For servers the value is used in the supported 228289848Sjkimsignature algorithms field of a certificate request. For clients it is 229289848Sjkimused to determine which signature algorithm to with the client certificate. 230289848Sjkim 231289848SjkimThe syntax of B<value> is identical to B<SignatureAlgorithms>. If not set then 232289848Sjkimthe value set for B<SignatureAlgorithms> will be used instead. 233289848Sjkim 234289848Sjkim=item B<Curves> 235289848Sjkim 236289848SjkimThis sets the supported elliptic curves. For clients the curves are 237289848Sjkimsent using the supported curves extension. For servers it is used 238289848Sjkimto determine which curve to use. This setting affects curves used for both 239289848Sjkimsignatures and key exchange, if applicable. 240289848Sjkim 241289848SjkimThe B<value> argument is a colon separated list of curves. The curve can be 242289848Sjkimeither the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g 243289848SjkimB<prime256v1>). Curve names are case sensitive. 244289848Sjkim 245289848Sjkim=item B<ECDHParameters> 246289848Sjkim 247296279SjkimThis sets the temporary curve used for ephemeral ECDH modes. Only used by 248289848Sjkimservers 249289848Sjkim 250289848SjkimThe B<value> argument is a curve name or the special value B<Automatic> which 251289848Sjkimpicks an appropriate curve based on client and server preferences. The curve 252289848Sjkimcan be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name 253289848Sjkim(e.g B<prime256v1>). Curve names are case sensitive. 254289848Sjkim 255289848Sjkim=item B<Protocol> 256289848Sjkim 257289848SjkimThe supported versions of the SSL or TLS protocol. 258289848Sjkim 259289848SjkimThe B<value> argument is a comma separated list of supported protocols to 260289848Sjkimenable or disable. If an protocol is preceded by B<-> that version is disabled. 261296279SjkimCurrently supported protocol values are B<SSLv2>, B<SSLv3>, B<TLSv1>, 262296279SjkimB<TLSv1.1> and B<TLSv1.2>. 263296279SjkimAll protocol versions other than B<SSLv2> are enabled by default. 264296279SjkimTo avoid inadvertent enabling of B<SSLv2>, when SSLv2 is disabled, it is not 265296279Sjkimpossible to enable it via the B<Protocol> command. 266289848Sjkim 267289848Sjkim=item B<Options> 268289848Sjkim 269289848SjkimThe B<value> argument is a comma separated list of various flags to set. 270289848SjkimIf a flag string is preceded B<-> it is disabled. See the 271289848SjkimB<SSL_CTX_set_options> function for more details of individual options. 272289848Sjkim 273289848SjkimEach option is listed below. Where an operation is enabled by default 274289848Sjkimthe B<-flag> syntax is needed to disable it. 275289848Sjkim 276289848SjkimB<SessionTicket>: session ticket support, enabled by default. Inverse of 277289848SjkimB<SSL_OP_NO_TICKET>: that is B<-SessionTicket> is the same as setting 278289848SjkimB<SSL_OP_NO_TICKET>. 279289848Sjkim 280289848SjkimB<Compression>: SSL/TLS compression support, enabled by default. Inverse 281289848Sjkimof B<SSL_OP_NO_COMPRESSION>. 282289848Sjkim 283289848SjkimB<EmptyFragments>: use empty fragments as a countermeasure against a 284289848SjkimSSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It 285289848Sjkimis set by default. Inverse of B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS>. 286289848Sjkim 287289848SjkimB<Bugs>: enable various bug workarounds. Same as B<SSL_OP_ALL>. 288289848Sjkim 289289848SjkimB<DHSingle>: enable single use DH keys, set by default. Inverse of 290289848SjkimB<SSL_OP_DH_SINGLE>. Only used by servers. 291289848Sjkim 292289848SjkimB<ECDHSingle> enable single use ECDH keys, set by default. Inverse of 293289848SjkimB<SSL_OP_ECDH_SINGLE>. Only used by servers. 294289848Sjkim 295289848SjkimB<ServerPreference> use server and not client preference order when 296289848Sjkimdetermining which cipher suite, signature algorithm or elliptic curve 297289848Sjkimto use for an incoming connection. Equivalent to 298289848SjkimB<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers. 299289848Sjkim 300289848SjkimB<NoResumptionOnRenegotiation> set 301289848SjkimB<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers. 302289848Sjkim 303289848SjkimB<UnsafeLegacyRenegotiation> permits the use of unsafe legacy renegotiation. 304289848SjkimEquivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>. 305289848Sjkim 306289848SjkimB<UnsafeLegacyServerConnect> permits the use of unsafe legacy renegotiation 307289848Sjkimfor OpenSSL clients only. Equivalent to B<SSL_OP_LEGACY_SERVER_CONNECT>. 308289848SjkimSet by default. 309289848Sjkim 310289848Sjkim=back 311289848Sjkim 312289848Sjkim=head1 SUPPORTED COMMAND TYPES 313289848Sjkim 314289848SjkimThe function SSL_CONF_cmd_value_type() currently returns one of the following 315289848Sjkimtypes: 316289848Sjkim 317289848Sjkim=over 4 318289848Sjkim 319289848Sjkim=item B<SSL_CONF_TYPE_UNKNOWN> 320289848Sjkim 321289848SjkimThe B<cmd> string is unrecognised, this return value can be use to flag 322289848Sjkimsyntax errors. 323289848Sjkim 324289848Sjkim=item B<SSL_CONF_TYPE_STRING> 325289848Sjkim 326289848SjkimThe value is a string without any specific structure. 327289848Sjkim 328289848Sjkim=item B<SSL_CONF_TYPE_FILE> 329289848Sjkim 330289848SjkimThe value is a file name. 331289848Sjkim 332289848Sjkim=item B<SSL_CONF_TYPE_DIR> 333289848Sjkim 334289848SjkimThe value is a directory name. 335289848Sjkim 336289848Sjkim=back 337289848Sjkim 338289848Sjkim=head1 NOTES 339289848Sjkim 340289848SjkimThe order of operations is significant. This can be used to set either defaults 341289848Sjkimor values which cannot be overridden. For example if an application calls: 342289848Sjkim 343296279Sjkim SSL_CONF_cmd(ctx, "Protocol", "-SSLv3"); 344289848Sjkim SSL_CONF_cmd(ctx, userparam, uservalue); 345289848Sjkim 346296279Sjkimit will disable SSLv3 support by default but the user can override it. If 347289848Sjkimhowever the call sequence is: 348289848Sjkim 349289848Sjkim SSL_CONF_cmd(ctx, userparam, uservalue); 350296279Sjkim SSL_CONF_cmd(ctx, "Protocol", "-SSLv3"); 351289848Sjkim 352296279Sjkimthen SSLv3 is B<always> disabled and attempt to override this by the user are 353289848Sjkimignored. 354289848Sjkim 355289848SjkimBy checking the return code of SSL_CTX_cmd() it is possible to query if a 356289848Sjkimgiven B<cmd> is recognised, this is useful is SSL_CTX_cmd() values are 357289848Sjkimmixed with additional application specific operations. 358289848Sjkim 359289848SjkimFor example an application might call SSL_CTX_cmd() and if it returns 360289848Sjkim-2 (unrecognised command) continue with processing of application specific 361289848Sjkimcommands. 362289848Sjkim 363289848SjkimApplications can also use SSL_CTX_cmd() to process command lines though the 364289848Sjkimutility function SSL_CTX_cmd_argv() is normally used instead. One way 365289848Sjkimto do this is to set the prefix to an appropriate value using 366289848SjkimSSL_CONF_CTX_set1_prefix(), pass the current argument to B<cmd> and the 367289848Sjkimfollowing argument to B<value> (which may be NULL). 368289848Sjkim 369289848SjkimIn this case if the return value is positive then it is used to skip that 370289848Sjkimnumber of arguments as they have been processed by SSL_CTX_cmd(). If -2 is 371289848Sjkimreturned then B<cmd> is not recognised and application specific arguments 372289848Sjkimcan be checked instead. If -3 is returned a required argument is missing 373289848Sjkimand an error is indicated. If 0 is returned some other error occurred and 374289848Sjkimthis can be reported back to the user. 375289848Sjkim 376296279SjkimThe function SSL_CONF_cmd_value_type() can be used by applications to 377289848Sjkimcheck for the existence of a command or to perform additional syntax 378289848Sjkimchecking or translation of the command value. For example if the return 379289848Sjkimvalue is B<SSL_CONF_TYPE_FILE> an application could translate a relative 380289848Sjkimpathname to an absolute pathname. 381289848Sjkim 382289848Sjkim=head1 EXAMPLES 383289848Sjkim 384289848SjkimSet supported signature algorithms: 385289848Sjkim 386289848Sjkim SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256"); 387289848Sjkim 388289848SjkimEnable all protocols except SSLv3 and SSLv2: 389289848Sjkim 390289848Sjkim SSL_CONF_cmd(ctx, "Protocol", "ALL,-SSLv3,-SSLv2"); 391289848Sjkim 392289848SjkimOnly enable TLSv1.2: 393289848Sjkim 394289848Sjkim SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2"); 395289848Sjkim 396289848SjkimDisable TLS session tickets: 397289848Sjkim 398289848Sjkim SSL_CONF_cmd(ctx, "Options", "-SessionTicket"); 399289848Sjkim 400289848SjkimSet supported curves to P-256, P-384: 401289848Sjkim 402289848Sjkim SSL_CONF_cmd(ctx, "Curves", "P-256:P-384"); 403289848Sjkim 404289848SjkimSet automatic support for any elliptic curve for key exchange: 405289848Sjkim 406289848Sjkim SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic"); 407289848Sjkim 408289848Sjkim=head1 RETURN VALUES 409289848Sjkim 410289848SjkimSSL_CONF_cmd() returns 1 if the value of B<cmd> is recognised and B<value> is 411289848SjkimB<NOT> used and 2 if both B<cmd> and B<value> are used. In other words it 412289848Sjkimreturns the number of arguments processed. This is useful when processing 413289848Sjkimcommand lines. 414289848Sjkim 415289848SjkimA return value of -2 means B<cmd> is not recognised. 416289848Sjkim 417289848SjkimA return value of -3 means B<cmd> is recognised and the command requires a 418289848Sjkimvalue but B<value> is NULL. 419289848Sjkim 420289848SjkimA return code of 0 indicates that both B<cmd> and B<value> are valid but an 421289848Sjkimerror occurred attempting to perform the operation: for example due to an 422289848Sjkimerror in the syntax of B<value> in this case the error queue may provide 423289848Sjkimadditional information. 424289848Sjkim 425289848SjkimSSL_CONF_finish() returns 1 for success and 0 for failure. 426289848Sjkim 427289848Sjkim=head1 SEE ALSO 428289848Sjkim 429289848SjkimL<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, 430289848SjkimL<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, 431289848SjkimL<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, 432289848SjkimL<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, 433289848SjkimL<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> 434289848Sjkim 435289848Sjkim=head1 HISTORY 436289848Sjkim 437289848SjkimSSL_CONF_cmd() was first added to OpenSSL 1.0.2 438289848Sjkim 439289848Sjkim=cut 440