SSL_CTX_new.pod revision 68651
1=pod 2 3=head1 NAME 4 5SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions 6 7=head1 SYNOPSIS 8 9 #include <openssl/ssl.h> 10 11 SSL_CTX *SSL_CTX_new(SSL_METHOD *method); 12 13=head1 DESCRIPTION 14 15SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish 16TLS/SSL enabled connections. 17 18=head1 NOTES 19 20The SSL_CTX object uses B<method> as connection method. The methods exist 21in a generic type (for client and server use), a server only type, and a 22client only type. B<method> can be of the following types: 23 24=over 4 25 26=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void) 27 28A TLS/SSL connection established with these methods will only understand 29the SSLv2 protocol. A client will send out SSLv2 client hello messages 30and will also indicate that it only understand SSLv2. A server will only 31understand SSLv2 client hello messages. 32 33=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void) 34 35A TLS/SSL connection established with these methods will only understand the 36SSLv3 and TLSv1 protocol. A client will send out SSLv3 client hello messages 37and will indicate that it also understands TLSv1. A server will only understand 38SSLv3 and TLSv1 client hello messages. This especially means, that it will 39not understand SSLv2 client hello messages which are widely used for 40compatibility reasons, see SSLv23_*_method(). 41 42=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void) 43 44A TLS/SSL connection established with these methods will only understand the 45TLSv1 protocol. A client will send out TLSv1 client hello messages 46and will indicate that it only understands TLSv1. A server will only understand 47TLSv1 client hello messages. This especially means, that it will 48not understand SSLv2 client hello messages which are widely used for 49compatibility reasons, see SSLv23_*_method(). 50 51=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) 52 53A TLS/SSL connection established with these methods will understand the SSLv2, 54SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages 55and will indicate that it also understands SSLv3 and TLSv1. A server will 56understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best 57choice when compatibility is a concern. 58 59=back 60 61The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, 62SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or 63B<SSL_set_options()> functions. Using these options it is possible to choose 64e.g. SSLv23_server_method() and be able to negotiate with all possible 65clients, but to only allow newer protocols like SSLv3 or TLSv1. 66 67SSL_CTX_new() initializes the list of ciphers, the session cache setting, 68the callbacks, the keys and certificates, and the options to its default 69values. 70 71=head1 RETURN VALUES 72 73The following return values can occur: 74 75=over 4 76 77=item NULL 78 79The creation of a new SSL_CTX object failed. Check the error stack to 80find out the reason. 81 82=item Pointer to an SSL_CTX object 83 84The return value points to an allocated SSL_CTX object. 85 86=back 87 88=head1 SEE ALSO 89 90L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>, 91L<ssl(3)|ssl(3)> 92 93=cut 94