openssl/doc/ssl/SSL_CTX_new.pod

=pod

=head1 NAME

SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method - create a new SSL_CTX object as framework for TLS/SSL enabled functions

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);

=head1 DESCRIPTION

SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
TLS/SSL enabled connections.

=head1 NOTES

The SSL_CTX object uses B<method> as connection method. The methods exist
in a generic type (for client and server use), a server only type, and a
client only type. B<method> can be of the following types:

=over 4

=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)

A TLS/SSL connection established with these methods will only understand the
SSLv3 protocol. A client will send out SSLv3 client hello messages
and will indicate that it only understands SSLv3. A server will only understand
SSLv3 client hello messages.

=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)

A TLS/SSL connection established with these methods will only understand the
TLSv1 protocol. A client will send out TLSv1 client hello messages
and will indicate that it only understands TLSv1. A server will only understand
TLSv1 client hello messages.

=item TLSv1_1_method(void), TLSv1_1_server_method(void), TLSv1_1_client_method(void)

A TLS/SSL connection established with these methods will only understand the
TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages
and will indicate that it only understands TLSv1.1. A server will only
understand TLSv1.1 client hello messages.

=item TLSv1_2_method(void), TLSv1_2_server_method(void), TLSv1_2_client_method(void)

A TLS/SSL connection established with these methods will only understand the
TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages
and will indicate that it only understands TLSv1.2. A server will only
understand TLSv1.2 client hello messages.

=item TLS_method(void), TLS_server_method(void), TLS_client_method(void)

A TLS/SSL connection established with these methods may understand the
SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.

If extensions are required (for example server name)
a client will send out TLSv1 client hello messages including extensions and
will indicate that it also understands TLSv1.1, TLSv1.2 and permits a
fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2
protocols. This is the best choice when compatibility is a concern.

=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)

Use of these functions is deprecated. They have been replaced with TLS_Method(),
TLS_server_method() and TLS_client_method() respectively. New code should use
those functions instead.

=back

The list of protocols available can later be limited using the
SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2
options of the SSL_CTX_set_options() or SSL_set_options() functions.
Using these options it is possible to choose e.g. TLS_server_method() and
be able to negotiate with all possible clients, but to only allow newer
protocols like TLSv1, TLSv1.1 or TLS v1.2.

Applications which never want to support SSLv3 can set SSL_OP_NO_SSLv3.

SSL_CTX_new() initializes the list of ciphers, the session cache setting,
the callbacks, the keys and certificates and the options to its default
values.

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item NULL

The creation of a new SSL_CTX object failed. Check the error stack to
find out the reason.

=item Pointer to an SSL_CTX object

The return value points to an allocated SSL_CTX object.

=back

=head1 HISTORY

SSLv2_method, SSLv2_server_method and SSLv2_client_method where removed in
OpenSSL 1.1.0. SSLv23_method, SSLv23_server_method and SSLv23_client_method were
deprecated and TLS_method, TLS_server_method and TLS_client_method
were introduced in OpenSSL 1.1.0.

=head1 SEE ALSO

L<SSL_CTX_free(3)>, L<SSL_accept(3)>,
L<ssl(3)>,  L<SSL_set_connect_state(3)>

=cut
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00			`=pod`

			`=head1 NAME`

Version negotiation rewrite doc updates Update various documentation references to the new TLS_*_method names. Also add a CHANGES entry. Reviewed-by: Kurt Roeckx <kurt@openssl.org> 2015-03-31 13:29:53 +00:00			`SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method - create a new SSL_CTX object as framework for TLS/SSL enabled functions`
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00
			`=head1 SYNOPSIS`

			`#include <openssl/ssl.h>`

Let the TLSv1_method() etc. functions return a const SSL_METHOD pointer and make the SSL_METHOD parameter in SSL_CTX_new, SSL_CTX_set_ssl_version and SSL_set_ssl_method const. 2005-08-14 21:48:33 +00:00			`SSL_CTX SSL_CTX_new(const SSL_METHOD method);`
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00
			`=head1 DESCRIPTION`

			`SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish`
			`TLS/SSL enabled connections.`

			`=head1 NOTES`

			`The SSL_CTX object uses B<method> as connection method. The methods exist`
			`in a generic type (for client and server use), a server only type, and a`
			`client only type. B<method> can be of the following types:`

			`=over 4`

			`=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)`

			`A TLS/SSL connection established with these methods will only understand the`
correction from Lutz 2000-10-19 15:19:41 +00:00			`SSLv3 protocol. A client will send out SSLv3 client hello messages`
			`and will indicate that it only understands SSLv3. A server will only understand`
Version negotiation rewrite doc updates Update various documentation references to the new TLS_*_method names. Also add a CHANGES entry. Reviewed-by: Kurt Roeckx <kurt@openssl.org> 2015-03-31 13:29:53 +00:00			`SSLv3 client hello messages.`
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00
			`=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)`

			`A TLS/SSL connection established with these methods will only understand the`
			`TLSv1 protocol. A client will send out TLSv1 client hello messages`
			`and will indicate that it only understands TLSv1. A server will only understand`
Version negotiation rewrite doc updates Update various documentation references to the new TLS_*_method names. Also add a CHANGES entry. Reviewed-by: Kurt Roeckx <kurt@openssl.org> 2015-03-31 13:29:53 +00:00			`TLSv1 client hello messages.`
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00
add SSL_CONF functions and documentation 2012-11-16 19:12:24 +00:00			`=item TLSv1_1_method(void), TLSv1_1_server_method(void), TLSv1_1_client_method(void)`

			`A TLS/SSL connection established with these methods will only understand the`
			`TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages`
			`and will indicate that it only understands TLSv1.1. A server will only`
Version negotiation rewrite doc updates Update various documentation references to the new TLS_*_method names. Also add a CHANGES entry. Reviewed-by: Kurt Roeckx <kurt@openssl.org> 2015-03-31 13:29:53 +00:00			`understand TLSv1.1 client hello messages.`
add SSL_CONF functions and documentation 2012-11-16 19:12:24 +00:00
Version negotiation rewrite doc updates Update various documentation references to the new TLS_*_method names. Also add a CHANGES entry. Reviewed-by: Kurt Roeckx <kurt@openssl.org> 2015-03-31 13:29:53 +00:00			`=item TLSv1_2_method(void), TLSv1_2_server_method(void), TLSv1_2_client_method(void)`

			`A TLS/SSL connection established with these methods will only understand the`
			`TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages`
			`and will indicate that it only understands TLSv1.2. A server will only`
			`understand TLSv1.2 client hello messages.`

			`=item TLS_method(void), TLS_server_method(void), TLS_client_method(void)`
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00
Remove SSLv2 support The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org> 2014-11-30 14:35:22 +00:00			`A TLS/SSL connection established with these methods may understand the`
Clarify protocols supported. Update protocols supported and note that SSLv2 is effectively disabled by default. PR#3184 2014-06-28 20:54:13 +00:00			`SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.`

Remove SSLv2 support The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org> 2014-11-30 14:35:22 +00:00			`If extensions are required (for example server name)`
Clarify protocols supported. Update protocols supported and note that SSLv2 is effectively disabled by default. PR#3184 2014-06-28 20:54:13 +00:00			`a client will send out TLSv1 client hello messages including extensions and`
			`will indicate that it also understands TLSv1.1, TLSv1.2 and permits a`
			`fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2`
			`protocols. This is the best choice when compatibility is a concern.`

Version negotiation rewrite doc updates Update various documentation references to the new TLS_*_method names. Also add a CHANGES entry. Reviewed-by: Kurt Roeckx <kurt@openssl.org> 2015-03-31 13:29:53 +00:00			`=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)`

			`Use of these functions is deprecated. They have been replaced with TLS_Method(),`
			`TLS_server_method() and TLS_client_method() respectively. New code should use`
			`those functions instead.`

New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00			`=back`

Remove SSLv2 support The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org> 2014-11-30 14:35:22 +00:00			`The list of protocols available can later be limited using the`
Clarify protocols supported. Update protocols supported and note that SSLv2 is effectively disabled by default. PR#3184 2014-06-28 20:54:13 +00:00			`SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2`
			`options of the SSL_CTX_set_options() or SSL_set_options() functions.`
Don't use SSLv23_server_method in an example The function SSLv23_server_method() is an old name. New code should use TLS_server_method() instead. Therefore don't use SSLv23_server_method() in an example in the docs. Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-10-21 13:40:15 +00:00			`Using these options it is possible to choose e.g. TLS_server_method() and`
Clarify protocols supported. Update protocols supported and note that SSLv2 is effectively disabled by default. PR#3184 2014-06-28 20:54:13 +00:00			`be able to negotiate with all possible clients, but to only allow newer`
			`protocols like TLSv1, TLSv1.1 or TLS v1.2.`

Remove SSLv2 support The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org> 2014-11-30 14:35:22 +00:00			`Applications which never want to support SSLv3 can set SSL_OP_NO_SSLv3.`
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00
			`SSL_CTX_new() initializes the list of ciphers, the session cache setting,`
Clarify protocols supported. Update protocols supported and note that SSLv2 is effectively disabled by default. PR#3184 2014-06-28 20:54:13 +00:00			`the callbacks, the keys and certificates and the options to its default`
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00			`values.`

			`=head1 RETURN VALUES`

			`The following return values can occur:`

			`=over 4`

			`=item NULL`

			`The creation of a new SSL_CTX object failed. Check the error stack to`
			`find out the reason.`

			`=item Pointer to an SSL_CTX object`

			`The return value points to an allocated SSL_CTX object.`

			`=back`

Remove SSLv2 support The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org> 2014-11-30 14:35:22 +00:00			`=head1 HISTORY`

			`SSLv2_method, SSLv2_server_method and SSLv2_client_method where removed in`
Version negotiation rewrite doc updates Update various documentation references to the new TLS_*_method names. Also add a CHANGES entry. Reviewed-by: Kurt Roeckx <kurt@openssl.org> 2015-03-31 13:29:53 +00:00			`OpenSSL 1.1.0. SSLv23_method, SSLv23_server_method and SSLv23_client_method were`
			`deprecated and TLS_method, TLS_server_method and TLS_client_method`
			`were introduced in OpenSSL 1.1.0.`
Remove SSLv2 support The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org> 2014-11-30 14:35:22 +00:00
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00			`=head1 SEE ALSO`

Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-08-17 19:21:33 +00:00			`L<SSL_CTX_free(3)>, L<SSL_accept(3)>,`
			`L<ssl(3)>, L<SSL_set_connect_state(3)>`
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00
			`=cut`