SSL_CTX_new.pod revision 68651 
1=pod
2
3=head1 NAME
4
5SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
12
13=head1 DESCRIPTION
14
15SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
16TLS/SSL enabled connections.
17
18=head1 NOTES
19
20The SSL_CTX object uses B<method> as connection method. The methods exist
21in a generic type (for client and server use), a server only type, and a
22client only type. B<method> can be of the following types:
23
24=over 4
25
26=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
27
28A TLS/SSL connection established with these methods will only understand
29the SSLv2 protocol. A client will send out SSLv2 client hello messages
30and will also indicate that it only understand SSLv2. A server will only
31understand SSLv2 client hello messages.
32
33=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
34
35A TLS/SSL connection established with these methods will only understand the
36SSLv3 and TLSv1 protocol. A client will send out SSLv3 client hello messages
37and will indicate that it also understands TLSv1. A server will only understand
38SSLv3 and TLSv1 client hello messages. This especially means, that it will
39not understand SSLv2 client hello messages which are widely used for
40compatibility reasons, see SSLv23_*_method().
41
42=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
43
44A TLS/SSL connection established with these methods will only understand the
45TLSv1 protocol. A client will send out TLSv1 client hello messages
46and will indicate that it only understands TLSv1. A server will only understand
47TLSv1 client hello messages. This especially means, that it will
48not understand SSLv2 client hello messages which are widely used for
49compatibility reasons, see SSLv23_*_method().
50
51=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
52
53A TLS/SSL connection established with these methods will understand the SSLv2,
54SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
55and will indicate that it also understands SSLv3 and TLSv1. A server will
56understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
57choice when compatibility is a concern.
58
59=back
60
61The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
62SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
63B<SSL_set_options()> functions. Using these options it is possible to choose
64e.g. SSLv23_server_method() and be able to negotiate with all possible
65clients, but to only allow newer protocols like SSLv3 or TLSv1.
66
67SSL_CTX_new() initializes the list of ciphers, the session cache setting,
68the callbacks, the keys and certificates, and the options to its default
69values.
70
71=head1 RETURN VALUES
72
73The following return values can occur:
74
75=over 4
76
77=item NULL
78
79The creation of a new SSL_CTX object failed. Check the error stack to
80find out the reason.
81
82=item Pointer to an SSL_CTX object
83
84The return value points to an allocated SSL_CTX object.
85
86=back
87
88=head1 SEE ALSO
89
90L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
91L<ssl(3)|ssl(3)>
92
93=cut
94