| 1 | =pod
|
|---|
| 2 |
|
|---|
| 3 | =head1 NAME
|
|---|
| 4 |
|
|---|
| 5 | SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version,
|
|---|
| 6 | SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version,
|
|---|
| 7 | SSL_set_min_proto_version, SSL_set_max_proto_version,
|
|---|
| 8 | SSL_get_min_proto_version, SSL_get_max_proto_version - Get and set minimum
|
|---|
| 9 | and maximum supported protocol version
|
|---|
| 10 |
|
|---|
| 11 | =head1 SYNOPSIS
|
|---|
| 12 |
|
|---|
| 13 | #include <openssl/ssl.h>
|
|---|
| 14 |
|
|---|
| 15 | int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
|
|---|
| 16 | int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
|
|---|
| 17 | int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
|
|---|
| 18 | int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
|
|---|
| 19 |
|
|---|
| 20 | int SSL_set_min_proto_version(SSL *ssl, int version);
|
|---|
| 21 | int SSL_set_max_proto_version(SSL *ssl, int version);
|
|---|
| 22 | int SSL_get_min_proto_version(SSL *ssl);
|
|---|
| 23 | int SSL_get_max_proto_version(SSL *ssl);
|
|---|
| 24 |
|
|---|
| 25 | =head1 DESCRIPTION
|
|---|
| 26 |
|
|---|
| 27 | The functions get or set the minimum and maximum supported protocol versions
|
|---|
| 28 | for the B<ctx> or B<ssl>.
|
|---|
| 29 | This works in combination with the options set via
|
|---|
| 30 | L<SSL_CTX_set_options(3)> that also make it possible to disable
|
|---|
| 31 | specific protocol versions.
|
|---|
| 32 | Use these functions instead of disabling specific protocol versions.
|
|---|
| 33 |
|
|---|
| 34 | Setting the minimum or maximum version to 0, will enable protocol
|
|---|
| 35 | versions down to the lowest version, or up to the highest version
|
|---|
| 36 | supported by the library, respectively.
|
|---|
| 37 |
|
|---|
| 38 | Getters return 0 in case B<ctx> or B<ssl> have been configured to
|
|---|
| 39 | automatically use the lowest or highest version supported by the library.
|
|---|
| 40 |
|
|---|
| 41 | Currently supported versions are B<SSL3_VERSION>, B<TLS1_VERSION>,
|
|---|
| 42 | B<TLS1_1_VERSION>, B<TLS1_2_VERSION>, B<TLS1_3_VERSION> for TLS and
|
|---|
| 43 | B<DTLS1_VERSION>, B<DTLS1_2_VERSION> for DTLS.
|
|---|
| 44 |
|
|---|
| 45 | In the current version of OpenSSL only QUICv1 is supported in conjunction with
|
|---|
| 46 | TLSv1.3. Calling these functions on a QUIC object has no effect.
|
|---|
| 47 |
|
|---|
| 48 | =head1 RETURN VALUES
|
|---|
| 49 |
|
|---|
| 50 | These setter functions return 1 on success and 0 on failure. The getter
|
|---|
| 51 | functions return the configured version or 0 for auto-configuration of
|
|---|
| 52 | lowest or highest protocol, respectively.
|
|---|
| 53 |
|
|---|
| 54 | =head1 NOTES
|
|---|
| 55 |
|
|---|
| 56 | All these functions are implemented using macros.
|
|---|
| 57 |
|
|---|
| 58 | =head1 SEE ALSO
|
|---|
| 59 |
|
|---|
| 60 | L<ssl(7)>,
|
|---|
| 61 | L<SSL_CTX_set_options(3)>, L<SSL_CONF_cmd(3)>
|
|---|
| 62 |
|
|---|
| 63 | =head1 HISTORY
|
|---|
| 64 |
|
|---|
| 65 | The setter functions were added in OpenSSL 1.1.0. The getter functions
|
|---|
| 66 | were added in OpenSSL 1.1.1.
|
|---|
| 67 |
|
|---|
| 68 | =head1 COPYRIGHT
|
|---|
| 69 |
|
|---|
| 70 | Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 71 |
|
|---|
| 72 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 73 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 74 | in the file LICENSE in the source distribution or at
|
|---|
| 75 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 76 |
|
|---|
| 77 | =cut
|
|---|
