=pod

=head1 NAME

SSL_CTX_new,
SSLv23_method, SSLv23_server_method, SSLv23_client_method,
TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method,
TLSv1_method, TLSv1_server_method, TLSv1_client_method,
SSLv3_method, SSLv3_server_method, SSLv3_client_method,
SSLv2_method, SSLv2_server_method, SSLv2_client_method,
DTLS_method, DTLS_server_method, DTLS_client_method,
DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method,
DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method -
create a new SSL_CTX object as framework for TLS/SSL enabled functions

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
 const SSL_METHOD *SSLv23_method(void);
 const SSL_METHOD *SSLv23_server_method(void);
 const SSL_METHOD *SSLv23_client_method(void);
 const SSL_METHOD *TLSv1_2_method(void);
 const SSL_METHOD *TLSv1_2_server_method(void);
 const SSL_METHOD *TLSv1_2_client_method(void);
 const SSL_METHOD *TLSv1_1_method(void);
 const SSL_METHOD *TLSv1_1_server_method(void);
 const SSL_METHOD *TLSv1_1_client_method(void);
 const SSL_METHOD *TLSv1_method(void);
 const SSL_METHOD *TLSv1_server_method(void);
 const SSL_METHOD *TLSv1_client_method(void);
 #ifndef OPENSSL_NO_SSL3_METHOD
 const SSL_METHOD *SSLv3_method(void);
 const SSL_METHOD *SSLv3_server_method(void);
 const SSL_METHOD *SSLv3_client_method(void);
 #endif
 #ifndef OPENSSL_NO_SSL2
 const SSL_METHOD *SSLv2_method(void);
 const SSL_METHOD *SSLv2_server_method(void);
 const SSL_METHOD *SSLv2_client_method(void);
 #endif

 const SSL_METHOD *DTLS_method(void);
 const SSL_METHOD *DTLS_server_method(void);
 const SSL_METHOD *DTLS_client_method(void);
 const SSL_METHOD *DTLSv1_2_method(void);
 const SSL_METHOD *DTLSv1_2_server_method(void);
 const SSL_METHOD *DTLSv1_2_client_method(void);
 const SSL_METHOD *DTLSv1_method(void);
 const SSL_METHOD *DTLSv1_server_method(void);
 const SSL_METHOD *DTLSv1_client_method(void);

=head1 DESCRIPTION

SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
TLS/SSL enabled connections.

=head1 NOTES

The SSL_CTX object uses B<method> as connection method. The methods exist
in a generic type (for client and server use), a server only type, and a
client only type. B<method> can be of the following types:

=over 4

=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()

These are the general-purpose I<version-flexible> SSL/TLS methods.
The actual protocol version used will be negotiated to the highest version
mutually supported by the client and the server.
The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
Most applications should use these methods, and avoid the version specific
methods described below.

The list of protocols available can be further limited using the
B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> options of the
L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions.
Clients should avoid creating "holes" in the set of protocols they support:
when disabling a protocol, make sure that you also disable either all previous
or all subsequent protocol versions.
In clients, when a protocol version is disabled without disabling I<all>
previous protocol versions, the effect is to also disable all subsequent
protocol versions.

The SSLv2 and SSLv3 protocols are deprecated and should generally not be used.
Applications should typically use L<SSL_CTX_set_options(3)> in combination with
the B<SSL_OP_NO_SSLv3> flag to disable negotiation of SSLv3 via the above
I<version-flexible> SSL/TLS methods.
The B<SSL_OP_NO_SSLv2> option is set by default, and would need to be cleared
via L<SSL_CTX_clear_options(3)> in order to enable negotiation of SSLv2.

=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()

A TLS/SSL connection established with these methods will only understand the
TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages and
will also indicate that it only understands TLSv1.2. A server will only
understand TLSv1.2 client hello messages.

=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()

A TLS/SSL connection established with these methods will only understand the
TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages and
will also indicate that it only understands TLSv1.1. A server will only
understand TLSv1.1 client hello messages.

=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()

A TLS/SSL connection established with these methods will only understand the
TLSv1 protocol. A client will send out TLSv1 client hello messages and will
indicate that it only understands TLSv1. A server will only understand TLSv1
client hello messages.

=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()

A TLS/SSL connection established with these methods will only understand the
SSLv3 protocol. A client will send out SSLv3 client hello messages and will
indicate that it only understands SSLv3. A server will only understand SSLv3
client hello messages. The SSLv3 protocol is deprecated and should not be
used.

=item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method()

A TLS/SSL connection established with these methods will only understand the
SSLv2 protocol. A client will send out SSLv2 client hello messages and will
also indicate that it only understands SSLv2. A server will only understand
SSLv2 client hello messages. The SSLv2 protocol offers little to no security
and should not be used.
As of OpenSSL 1.0.2g, EXPORT ciphers and 56-bit DES are no longer available
with SSLv2.

=item DTLS_method(), DTLS_server_method(), DTLS_client_method()

These are the version-flexible DTLS methods.

=item DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()

These are the version-specific methods for DTLSv1.2.

=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()

These are the version-specific methods for DTLSv1.

=back

SSL_CTX_new() initializes the list of ciphers, the session cache setting, the
callbacks, the keys and certificates and the options to their default values.

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item NULL

The creation of a new SSL_CTX object failed. Check the error stack to find out
the reason.

=item Pointer to an SSL_CTX object

The return value points to an allocated SSL_CTX object.

=back

=head1 SEE ALSO

L<SSL_CTX_set_options(3)>, L<SSL_CTX_clear_options(3)>, L<SSL_set_options(3)>,
L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>

=cut