Sortix main manual
This manual documents Sortix main. You can instead view this document in the latest official manual.
NAME
SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support — manipulate SSL optionsSYNOPSIS
#include <openssl/ssl.h>SSL_CTX_set_options(SSL_CTX *ctx, long options);
SSL_set_options(SSL *ssl, long options);
SSL_CTX_clear_options(SSL_CTX *ctx, long options);
SSL_clear_options(SSL *ssl, long options);
SSL_CTX_get_options(SSL_CTX *ctx);
SSL_get_options(SSL *ssl);
SSL_get_secure_renegotiation_support(SSL *ssl);
DESCRIPTION
SSL_CTX_set_options() adds the options set via bitmask in options to ctx. Options already set before are not cleared!- SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
- Disables a countermeasure against a TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken SSL implementations. This option has no effect for connections using other ciphers.
- SSL_OP_ALL
- This is currently an alias for SSL_OP_LEGACY_SERVER_CONNECT.
- SSL_OP_CIPHER_SERVER_PREFERENCE
- When choosing a cipher, use the server's preferences instead of the client preferences. When not set, the server will always follow the client's preferences. When set, the server will choose following its own preferences.
- SSL_OP_COOKIE_EXCHANGE
- Turn on Cookie Exchange as described in RFC 4347 Section 4.2.1. Only affects DTLS connections.
- SSL_OP_LEGACY_SERVER_CONNECT
- Allow legacy insecure renegotiation between OpenSSL and unpatched servers only: this option is currently set by default. See the SECURE RENEGOTIATION section for more details.
- SSL_OP_NO_DTLSv1
- Do not use the DTLSv1 protocol. Deprecated; use SSL_CTX_set_min_proto_version(3) instead.
- SSL_OP_NO_DTLSv1_2
- Do not use the DTLSv1.2 protocol. Deprecated; use SSL_CTX_set_min_proto_version(3) instead.
- SSL_OP_NO_QUERY_MTU
- Do not query the MTU. Only affects DTLS connections.
- SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- When performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial handshake). This option is not needed for clients.
- SSL_OP_NO_TICKET
-
Normally clients and servers using TLSv1.2 and earlier will, where possible, transparently make use of RFC 5077 tickets for stateless session resumption.
- SSL_OP_NO_TLSv1
- Do not use the TLSv1.0 protocol. Deprecated; use SSL_CTX_set_min_proto_version(3) instead.
- SSL_OP_NO_TLSv1_1
- Do not use the TLSv1.1 protocol. Deprecated; use SSL_CTX_set_min_proto_version(3) instead.
- SSL_OP_NO_TLSv1_2
- Do not use the TLSv1.2 protocol. Deprecated; use SSL_CTX_set_max_proto_version(3) instead.