=pod

=head1 NAME

SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 SSL_CTX *SSL_CTX_new(SSL_METHOD *method);

=head1 DESCRIPTION

SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
TLS/SSL enabled connections.

=head1 NOTES

The SSL_CTX object uses B<method> as connection method. The methods exist
in a generic type (for client and server use), a server only type, and a
client only type. B<method> can be of the following types:

=over 4

=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)

A TLS/SSL connection established with these methods will only understand
the SSLv2 protocol. A client will send out SSLv2 client hello messages
and will also indicate that it only understands SSLv2. A server will only
understand SSLv2 client hello messages.

=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)

A TLS/SSL connection established with these methods will only understand the
SSLv3 protocol. A client will send out SSLv3 client hello messages
and will indicate that it only understands SSLv3. A server will only understand
SSLv3 client hello messages. In particular, this means that it will
not understand SSLv2 client hello messages, which are widely used for
compatibility reasons; see SSLv23_*_method().

=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)

A TLS/SSL connection established with these methods will only understand the
TLSv1 protocol. A client will send out TLSv1 client hello messages
and will indicate that it only understands TLSv1. A server will only understand
TLSv1 client hello messages. In particular, this means that it will
not understand SSLv2 client hello messages, which are widely used for
compatibility reasons; see SSLv23_*_method(). It will also not understand
SSLv3 client hello messages.

=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)

A TLS/SSL connection established with these methods will understand the SSLv2,
SSLv3, and TLSv1 protocols. A client will send out SSLv2 client hello messages
and will indicate that it also understands SSLv3 and TLSv1. A server will
understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
choice when compatibility is a concern.

=back

The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
SSL_OP_NO_SSLv3, and SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
B<SSL_set_options()> functions. Using these options it is possible to choose
e.g. SSLv23_server_method() and be able to negotiate with all possible
clients, but to only allow newer protocols like SSLv3 or TLSv1.

SSL_CTX_new() initializes the list of ciphers, the session cache setting,
the callbacks, the keys and certificates, and the options to their default
values.

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item NULL

The creation of a new SSL_CTX object failed. Check the error stack to
find out the reason.

=item Pointer to an SSL_CTX object

The return value points to an allocated SSL_CTX object.

=back

=head1 SEE ALSO

L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>

=cut