=pod

=head1 NAME

SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 SSL_CTX *SSL_CTX_new(SSL_METHOD *method);

=head1 DESCRIPTION

SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
TLS/SSL enabled connections.

=head1 NOTES

The SSL_CTX object uses B<method> as connection method. The methods exist
in a generic type (for client and server use), a server only type, and a
client only type. B<method> can be of the following types:

=over 4

=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)

A TLS/SSL connection established with these methods will only understand
the SSLv2 protocol. A client will send out SSLv2 client hello messages
and will also indicate that it only understands SSLv2. A server will only
understand SSLv2 client hello messages.

=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)

A TLS/SSL connection established with these methods will only understand the
SSLv3 protocol. A client will send out SSLv3 client hello messages
and will indicate that it only understands SSLv3. A server will only understand
SSLv3 client hello messages. This especially means that it will
not understand SSLv2 client hello messages, which are widely used for
compatibility reasons; see SSLv23_*_method().

=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)

A TLS/SSL connection established with these methods will only understand the
TLSv1 protocol. A client will send out TLSv1 client hello messages
and will indicate that it only understands TLSv1. A server will only understand
TLSv1 client hello messages. This especially means that it will
not understand SSLv2 client hello messages, which are widely used for
compatibility reasons; see SSLv23_*_method(). It will also not understand
SSLv3 client hello messages.

=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)

A TLS/SSL connection established with these methods will understand the SSLv2,
SSLv3, and TLSv1 protocols. A client will send out SSLv2 client hello messages
and will indicate that it also understands SSLv3 and TLSv1. A server will
understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
choice when compatibility is a concern.

=back

The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
SSL_OP_NO_SSLv3, and SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
B<SSL_set_options()> functions. Using these options it is possible to choose
e.g. SSLv23_server_method() and be able to negotiate with all possible
clients, but to only allow newer protocols like SSLv3 or TLSv1.

SSL_CTX_new() initializes the list of ciphers, the session cache setting,
the callbacks, the keys and certificates, and the options to their default
values.

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item NULL

The creation of a new SSL_CTX object failed. Check the error stack to
find out the reason.

=item Pointer to an SSL_CTX object

The return value points to an allocated SSL_CTX object.

=back

=head1 SEE ALSO

L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>

=cut
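=head1 EXAMPLE

The following is an added example and not part of the OpenSSL manual page. It
shows the pattern described under NOTES (create the context with the generic
method, then narrow the list of protocols it will negotiate) through Python's
ssl module, which wraps libssl's SSL_CTX_new() and SSL_CTX_set_options() and
exposes the SSL_OP_NO_* bits as ssl.OP_NO_*. ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
corresponds to SSL_CTX_new(SSLv23_server_method()); setting minimum_version is
the current libssl spelling of ORing in the SSL_OP_NO_* bit of every version
below the floor. The helper names (make_server_context, enabled_versions,
legacy_ssl_disabled, default_cipher_count) belong to this example only, and the
version table it builds assumes a libssl/Python build that exposes the listed
ssl.OP_NO_* constants; a missing constant is treated as a protocol the library
was built without.

```python
# Added example (not from the OpenSSL manual page): create an SSL_CTX with
# the generic server method and narrow the protocol list, via Python's ssl
# module, which wraps libssl's SSL_CTX_new()/SSL_CTX_set_options().
import ssl

# Protocol name -> its SSL_OP_NO_* bit, as exposed by ssl.OP_NO_*.  A bit of 0
# means libssl was built without that protocol (SSL_OP_NO_SSLv2 is 0 since
# OpenSSL 1.1.0), i.e. the version is unavailable rather than "not disabled".
_OP_NO = {
    "SSLv2":   getattr(ssl, "OP_NO_SSLv2", 0),
    "SSLv3":   getattr(ssl, "OP_NO_SSLv3", 0),
    "TLSv1":   getattr(ssl, "OP_NO_TLSv1", 0),
    "TLSv1_1": getattr(ssl, "OP_NO_TLSv1_1", 0),
    "TLSv1_2": getattr(ssl, "OP_NO_TLSv1_2", 0),
    "TLSv1_3": getattr(ssl, "OP_NO_TLSv1_3", 0),
}

# Wire version codes for the versions that have a TLSVersion member
# (SSLv2 has none; it can only be ruled out by its option bit above).
_VERSION_CODE = {
    "SSLv3":   ssl.TLSVersion.SSLv3,
    "TLSv1":   ssl.TLSVersion.TLSv1,
    "TLSv1_1": ssl.TLSVersion.TLSv1_1,
    "TLSv1_2": ssl.TLSVersion.TLSv1_2,
    "TLSv1_3": ssl.TLSVersion.TLSv1_3,
}


def make_server_context(min_version=ssl.TLSVersion.TLSv1_2):
    """SSL_CTX_new(SSLv23_server_method()) followed by a protocol floor.

    PROTOCOL_TLS_SERVER is the generic, server-only method: it understands
    every client hello and negotiates the highest version both sides allow.
    Setting minimum_version is how current libssl expresses ORing the
    SSL_OP_NO_* bits of everything below the floor into SSL_CTX_set_options().
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = min_version
    return ctx


def enabled_versions(ctx):
    """List the protocol versions this context will still negotiate.

    A version is enabled only if its SSL_OP_NO_* bit is clear in ctx.options
    and it lies inside [minimum_version, maximum_version].
    """
    opts = int(ctx.options)
    lo, hi = ctx.minimum_version, ctx.maximum_version
    enabled = []
    for name, code in _VERSION_CODE.items():
        bit = _OP_NO[name]
        if bit == 0 or opts & bit:  # not built in, or disabled by option
            continue
        if lo != ssl.TLSVersion.MINIMUM_SUPPORTED and code < lo:
            continue
        if hi != ssl.TLSVersion.MAXIMUM_SUPPORTED and code > hi:
            continue
        enabled.append(name)
    return enabled


def legacy_ssl_disabled(ctx):
    """The check to make after SSL_CTX_set_options(): neither SSLv2 nor SSLv3
    can be negotiated, either because its SSL_OP_NO_* bit is set or because
    the library was built without the protocol."""
    opts = int(ctx.options)
    return all(bit == 0 or opts & bit
               for bit in (_OP_NO["SSLv2"], _OP_NO["SSLv3"]))


def default_cipher_count(ctx):
    """SSL_CTX_new() fills the cipher list with library defaults, so a fresh
    context is usable before anything else is configured."""
    return len(ctx.get_ciphers())


if __name__ == "__main__":
    ctx = make_server_context()
    print("negotiable versions:", enabled_versions(ctx))
    print("SSLv2/SSLv3 disabled:", legacy_ssl_disabled(ctx))
    print("default ciphers:", default_cipher_count(ctx))
```

Run it with any Python 3.7 or later linked against OpenSSL 1.1.0g or later.
Note the two ways a version can drop out of enabled_versions(): an option bit
that is set, which is what the SSL_OP_NO_* options in NOTES do, and an option
bit that is 0, which means the library itself no longer contains the protocol.
This is why SSLv2 never appears in the list on a current libssl, and why a
defensive check for "legacy SSL disabled" has to accept both cases rather than
testing only whether the bit is set.

=cut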