1SSL_CTX_NEW(3)                      OpenSSL                     SSL_CTX_NEW(3)
2
3
4

NAME

6       TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
7       SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method,
8       SSLv3_client_method, TLSv1_method, TLSv1_server_method,
9       TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method,
10       TLSv1_1_client_method, TLS_method, TLS_server_method,
11       TLS_client_method, SSLv23_method, SSLv23_server_method,
12       SSLv23_client_method, DTLS_method, DTLS_server_method,
13       DTLS_client_method, DTLSv1_method, DTLSv1_server_method,
14       DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method,
15       DTLSv1_2_client_method - create a new SSL_CTX object as framework for
16       TLS/SSL or DTLS enabled functions
17

SYNOPSIS

19        #include <openssl/ssl.h>
20
21        SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
22        int SSL_CTX_up_ref(SSL_CTX *ctx);
23
24        const SSL_METHOD *TLS_method(void);
25        const SSL_METHOD *TLS_server_method(void);
26        const SSL_METHOD *TLS_client_method(void);
27
28        const SSL_METHOD *SSLv23_method(void);
29        const SSL_METHOD *SSLv23_server_method(void);
30        const SSL_METHOD *SSLv23_client_method(void);
31
32        #ifndef OPENSSL_NO_SSL3_METHOD
33        const SSL_METHOD *SSLv3_method(void);
34        const SSL_METHOD *SSLv3_server_method(void);
35        const SSL_METHOD *SSLv3_client_method(void);
36        #endif
37
38        #ifndef OPENSSL_NO_TLS1_METHOD
39        const SSL_METHOD *TLSv1_method(void);
40        const SSL_METHOD *TLSv1_server_method(void);
41        const SSL_METHOD *TLSv1_client_method(void);
42        #endif
43
44        #ifndef OPENSSL_NO_TLS1_1_METHOD
45        const SSL_METHOD *TLSv1_1_method(void);
46        const SSL_METHOD *TLSv1_1_server_method(void);
47        const SSL_METHOD *TLSv1_1_client_method(void);
48        #endif
49
50        #ifndef OPENSSL_NO_TLS1_2_METHOD
51        const SSL_METHOD *TLSv1_2_method(void);
52        const SSL_METHOD *TLSv1_2_server_method(void);
53        const SSL_METHOD *TLSv1_2_client_method(void);
54        #endif
55
56        const SSL_METHOD *DTLS_method(void);
57        const SSL_METHOD *DTLS_server_method(void);
58        const SSL_METHOD *DTLS_client_method(void);
59
60        #ifndef OPENSSL_NO_DTLS1_METHOD
61        const SSL_METHOD *DTLSv1_method(void);
62        const SSL_METHOD *DTLSv1_server_method(void);
63        const SSL_METHOD *DTLSv1_client_method(void);
64        #endif
65
66        #ifndef OPENSSL_NO_DTLS1_2_METHOD
67        const SSL_METHOD *DTLSv1_2_method(void);
68        const SSL_METHOD *DTLSv1_2_server_method(void);
69        const SSL_METHOD *DTLSv1_2_client_method(void);
70        #endif
71

DESCRIPTION

73       SSL_CTX_new() creates a new SSL_CTX object as framework to establish
74       TLS/SSL or DTLS enabled connections. An SSL_CTX object is reference
75       counted. Creating an SSL_CTX object for the first time increments the
76       reference count. Freeing it (using SSL_CTX_free) decrements it. When
77       the reference count drops to zero, any memory or resources allocated to
78       the SSL_CTX object are freed. SSL_CTX_up_ref() increments the reference
79       count for an existing SSL_CTX structure.
80

NOTES

82       The SSL_CTX object uses method as connection method.  The methods exist
83       in a generic type (for client and server use), a server only type, and
84       a client only type.  method can be of the following types:
85
86       TLS_method(), TLS_server_method(), TLS_client_method()
87           These are the general-purpose version-flexible SSL/TLS methods.
88           The actual protocol version used will be negotiated to the highest
89           version mutually supported by the client and the server.  The
90           supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
91           Applications should use these methods, and avoid the version-
92           specific methods described below.
93
94       SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
95           Use of these functions is deprecated. They have been replaced with
96           the above TLS_method(), TLS_server_method() and TLS_client_method()
97           respectively. New code should use those functions instead.
98
99       TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
100           A TLS/SSL connection established with these methods will only
101           understand the TLSv1.2 protocol.
102
103       TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
104           A TLS/SSL connection established with these methods will only
105           understand the TLSv1.1 protocol.
106
107       TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
108           A TLS/SSL connection established with these methods will only
109           understand the TLSv1 protocol.
110
111       SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
112           A TLS/SSL connection established with these methods will only
113           understand the SSLv3 protocol.  The SSLv3 protocol is deprecated
114           and should not be used.
115
116       DTLS_method(), DTLS_server_method(), DTLS_client_method()
117           These are the version-flexible DTLS methods.  Currently supported
118           protocols are DTLS 1.0 and DTLS 1.2.
119
120       DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()
121           These are the version-specific methods for DTLSv1.2.
122
123       DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
124           These are the version-specific methods for DTLSv1.
125
126       SSL_CTX_new() initializes the list of ciphers, the session cache
127       setting, the callbacks, the keys and certificates and the options to
128       their default values.
129
130       TLS_method(), TLS_server_method(), TLS_client_method(), DTLS_method(),
131       DTLS_server_method() and DTLS_client_method() are the version-flexible
132       methods.  All other methods only support one specific protocol version.
133       Use the version-flexible methods instead of the version specific
134       methods.
135
136       If you want to limit the supported protocols for the version flexible
137       methods you can use SSL_CTX_set_min_proto_version(3),
138       SSL_set_min_proto_version(3), SSL_CTX_set_max_proto_version(3) and
139       SSL_set_max_proto_version(3) functions.  Using these functions it is
140       possible to choose e.g. TLS_server_method() and be able to negotiate
141       with all possible clients, but to only allow newer protocols like TLS
142       1.0, TLS 1.1, TLS 1.2 or TLS 1.3.
143
144       The list of protocols available can also be limited using the
145       SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_3,
146       SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_3 options of the
147       SSL_CTX_set_options(3) or SSL_set_options(3) functions, but this
148       approach is not recommended. Clients should avoid creating "holes" in
149       the set of protocols they support. When disabling a protocol, make sure
150       that you also disable either all previous or all subsequent protocol
151       versions.  In clients, when a protocol version is disabled without
152       disabling all previous protocol versions, the effect is to also disable
153       all subsequent protocol versions.
154
155       The SSLv3 protocol is deprecated and should generally not be used.
156       Applications should typically use SSL_CTX_set_min_proto_version(3) to
157       set the minimum protocol to at least TLS1_VERSION.
158

RETURN VALUES

160       The following return values can occur:
161
162       NULL
163           The creation of a new SSL_CTX object failed. Check the error stack
164           to find out the reason.
165
166       Pointer to an SSL_CTX object
167           The return value points to an allocated SSL_CTX object.
168
169           SSL_CTX_up_ref() returns 1 for success and 0 for failure.
170

SEE ALSO

172       SSL_CTX_set_options(3), SSL_CTX_free(3), SSL_accept(3),
173       SSL_CTX_set_min_proto_version(3), ssl(7), SSL_set_connect_state(3)
174

HISTORY

176       Support for SSLv2 and the corresponding SSLv2_method(),
177       SSLv2_server_method() and SSLv2_client_method() functions where removed
178       in OpenSSL 1.1.0.
179
180       SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were
181       deprecated and the preferred TLS_method(), TLS_server_method() and
182       TLS_client_method() functions were added in OpenSSL 1.1.0.
183
184       All version-specific methods were deprecated in OpenSSL 1.1.0.
185
187       Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
188
189       Licensed under the OpenSSL license (the "License").  You may not use
190       this file except in compliance with the License.  You can obtain a copy
191       in the file LICENSE in the source distribution or at
192       <https://www.openssl.org/source/license.html>.
193
194
195
1961.1.1c                            2019-05-28                    SSL_CTX_NEW(3)
Impressum