SSL_CTX_new.pod revision 76866
=pod

=head1 NAME

SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 SSL_CTX *SSL_CTX_new(SSL_METHOD *method);

=head1 DESCRIPTION

SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
TLS/SSL enabled connections.

=head1 NOTES

The SSL_CTX object uses B<method> as connection method. The methods exist
in a generic type (for client and server use), a server only type, and a
client only type. B<method> can be of the following types:

=over 4

=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)

A TLS/SSL connection established with these methods will only understand
the SSLv2 protocol. A client will send out SSLv2 client hello messages
and will also indicate that it only understands SSLv2. A server will only
understand SSLv2 client hello messages.

=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)

A TLS/SSL connection established with these methods will only understand the
SSLv3 protocol. A client will send out SSLv3 client hello messages
and will indicate that it only understands SSLv3. A server will only understand
SSLv3 client hello messages. This especially means that it will
not understand SSLv2 client hello messages, which are widely used for
compatibility reasons; see SSLv23_*_method().

=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)

A TLS/SSL connection established with these methods will only understand the
TLSv1 protocol. A client will send out TLSv1 client hello messages
and will indicate that it only understands TLSv1. A server will only understand
TLSv1 client hello messages. This especially means that it will
not understand SSLv2 client hello messages, which are widely used for
compatibility reasons; see SSLv23_*_method(). It will also not understand
SSLv3 client hello messages.

=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)

A TLS/SSL connection established with these methods will understand the SSLv2,
SSLv3, and TLSv1 protocols. A client will send out SSLv2 client hello messages
and will indicate that it also understands SSLv3 and TLSv1. A server will
understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
choice when compatibility is a concern.

=back

If a generic method is used, it is necessary to explicitly set client or
server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
or SSL_set_accept_state().

The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
B<SSL_set_options()> functions. Using these options it is possible to choose
e.g. SSLv23_server_method() and be able to negotiate with all possible
clients, but to only allow newer protocols like SSLv3 or TLSv1.

SSL_CTX_new() initializes the list of ciphers, the session cache setting,
the callbacks, the keys and certificates, and the options to their default
values.

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item NULL

The creation of a new SSL_CTX object failed. Check the error stack to
find out the reason.

=item Pointer to an SSL_CTX object

The return value points to an allocated SSL_CTX object.

=back

=head1 SEE ALSO

L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>

=cut