diff options
Diffstat (limited to 'secure/lib/libcrypto/man/SSL_CTX_new.3')
-rw-r--r-- | secure/lib/libcrypto/man/SSL_CTX_new.3 | 80 |
1 files changed, 42 insertions, 38 deletions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CTX_new.3 index ae7108110c86f..a438f6b23f5b4 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_new.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_NEW 3" -.TH SSL_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -194,12 +198,12 @@ TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_C .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to +\&\fBSSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections. An \fB\s-1SSL_CTX\s0\fR object is reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the first time increments the reference count. Freeing it (using SSL_CTX_free) decrements it. When the reference count drops to zero, any memory or resources allocated to the -\&\fB\s-1SSL_CTX\s0\fR object are freed. \fISSL_CTX_up_ref()\fR increments the reference count for +\&\fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR increments the reference count for an existing \fB\s-1SSL_CTX\s0\fR structure. .SH "NOTES" .IX Header "NOTES" @@ -207,7 +211,7 @@ The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist in a generic type (for client and server use), a server only type, and a client only type. \&\fBmethod\fR can be of the following types: -.IP "\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR" 4 +.IP "\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR" 4 .IX Item "TLS_method(), TLS_server_method(), TLS_client_method()" These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods. The actual protocol version used will be negotiated to the highest version @@ -215,53 +219,53 @@ mutually supported by the client and the server. The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. Applications should use these methods, and avoid the version-specific methods described below. -.IP "\fISSLv23_method()\fR, \fISSLv23_server_method()\fR, \fISSLv23_client_method()\fR" 4 +.IP "\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR, \fBSSLv23_client_method()\fR" 4 .IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()" Use of these functions is deprecated. They have been replaced with the above -\&\fITLS_method()\fR, \fITLS_server_method()\fR and \fITLS_client_method()\fR respectively. New +\&\fBTLS_method()\fR, \fBTLS_server_method()\fR and \fBTLS_client_method()\fR respectively. New code should use those functions instead. -.IP "\fITLSv1_2_method()\fR, \fITLSv1_2_server_method()\fR, \fITLSv1_2_client_method()\fR" 4 +.IP "\fBTLSv1_2_method()\fR, \fBTLSv1_2_server_method()\fR, \fBTLSv1_2_client_method()\fR" 4 .IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the TLSv1.2 protocol. -.IP "\fITLSv1_1_method()\fR, \fITLSv1_1_server_method()\fR, \fITLSv1_1_client_method()\fR" 4 +.IP "\fBTLSv1_1_method()\fR, \fBTLSv1_1_server_method()\fR, \fBTLSv1_1_client_method()\fR" 4 .IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the TLSv1.1 protocol. -.IP "\fITLSv1_method()\fR, \fITLSv1_server_method()\fR, \fITLSv1_client_method()\fR" 4 +.IP "\fBTLSv1_method()\fR, \fBTLSv1_server_method()\fR, \fBTLSv1_client_method()\fR" 4 .IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the TLSv1 protocol. -.IP "\fISSLv3_method()\fR, \fISSLv3_server_method()\fR, \fISSLv3_client_method()\fR" 4 +.IP "\fBSSLv3_method()\fR, \fBSSLv3_server_method()\fR, \fBSSLv3_client_method()\fR" 4 .IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the SSLv3 protocol. The SSLv3 protocol is deprecated and should not be used. -.IP "\fIDTLS_method()\fR, \fIDTLS_server_method()\fR, \fIDTLS_client_method()\fR" 4 +.IP "\fBDTLS_method()\fR, \fBDTLS_server_method()\fR, \fBDTLS_client_method()\fR" 4 .IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()" These are the version-flexible \s-1DTLS\s0 methods. Currently supported protocols are \s-1DTLS 1.0\s0 and \s-1DTLS 1.2.\s0 -.IP "\fIDTLSv1_2_method()\fR, \fIDTLSv1_2_server_method()\fR, \fIDTLSv1_2_client_method()\fR" 4 +.IP "\fBDTLSv1_2_method()\fR, \fBDTLSv1_2_server_method()\fR, \fBDTLSv1_2_client_method()\fR" 4 .IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()" These are the version-specific methods for DTLSv1.2. -.IP "\fIDTLSv1_method()\fR, \fIDTLSv1_server_method()\fR, \fIDTLSv1_client_method()\fR" 4 +.IP "\fBDTLSv1_method()\fR, \fBDTLSv1_server_method()\fR, \fBDTLSv1_client_method()\fR" 4 .IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()" These are the version-specific methods for DTLSv1. .PP -\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the +\&\fBSSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the callbacks, the keys and certificates and the options to their default values. .PP -\&\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR, \fIDTLS_method()\fR, -\&\fIDTLS_server_method()\fR and \fIDTLS_client_method()\fR are the \fIversion-flexible\fR +\&\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR, \fBDTLS_method()\fR, +\&\fBDTLS_server_method()\fR and \fBDTLS_client_method()\fR are the \fIversion-flexible\fR methods. All other methods only support one specific protocol version. Use the \fIversion-flexible\fR methods instead of the version specific methods. .PP If you want to limit the supported protocols for the version flexible -methods you can use \fISSL_CTX_set_min_proto_version\fR\|(3), -\&\fISSL_set_min_proto_version\fR\|(3), \fISSL_CTX_set_max_proto_version\fR\|(3) and -\&\fISSL_set_max_proto_version\fR\|(3) functions. -Using these functions it is possible to choose e.g. \fITLS_server_method()\fR +methods you can use \fBSSL_CTX_set_min_proto_version\fR\|(3), +\&\fBSSL_set_min_proto_version\fR\|(3), \fBSSL_CTX_set_max_proto_version\fR\|(3) and +\&\fBSSL_set_max_proto_version\fR\|(3) functions. +Using these functions it is possible to choose e.g. \fBTLS_server_method()\fR and be able to negotiate with all possible clients, but to only allow newer protocols like \s-1TLS 1.0, TLS 1.1, TLS 1.2\s0 or \s-1TLS 1.3.\s0 .PP @@ -269,7 +273,7 @@ The list of protocols available can also be limited using the \&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR, \&\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR options of the -\&\fISSL_CTX_set_options\fR\|(3) or \fISSL_set_options\fR\|(3) functions, but this approach +\&\fBSSL_CTX_set_options\fR\|(3) or \fBSSL_set_options\fR\|(3) functions, but this approach is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of protocols they support. When disabling a protocol, make sure that you also disable either all previous or all subsequent protocol versions. @@ -278,7 +282,7 @@ previous protocol versions, the effect is to also disable all subsequent protocol versions. .PP The SSLv3 protocol is deprecated and should generally not be used. -Applications should typically use \fISSL_CTX_set_min_proto_version\fR\|(3) to set +Applications should typically use \fBSSL_CTX_set_min_proto_version\fR\|(3) to set the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -291,22 +295,22 @@ the reason. .IX Item "Pointer to an SSL_CTX object" The return value points to an allocated \s-1SSL_CTX\s0 object. .Sp -\&\fISSL_CTX_up_ref()\fR returns 1 for success and 0 for failure. +\&\fBSSL_CTX_up_ref()\fR returns 1 for success and 0 for failure. .SH "HISTORY" .IX Header "HISTORY" -Support for SSLv2 and the corresponding \fISSLv2_method()\fR, -\&\fISSLv2_server_method()\fR and \fISSLv2_client_method()\fR functions where +Support for SSLv2 and the corresponding \fBSSLv2_method()\fR, +\&\fBSSLv2_server_method()\fR and \fBSSLv2_client_method()\fR functions where removed in OpenSSL 1.1.0. .PP -\&\fISSLv23_method()\fR, \fISSLv23_server_method()\fR and \fISSLv23_client_method()\fR -were deprecated and the preferred \fITLS_method()\fR, \fITLS_server_method()\fR -and \fITLS_client_method()\fR functions were introduced in OpenSSL 1.1.0. +\&\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR and \fBSSLv23_client_method()\fR +were deprecated and the preferred \fBTLS_method()\fR, \fBTLS_server_method()\fR +and \fBTLS_client_method()\fR functions were introduced in OpenSSL 1.1.0. .PP All version-specific methods were deprecated in OpenSSL 1.1.0. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3), -\&\fISSL_CTX_set_min_proto_version\fR\|(3), \fIssl\fR\|(7), \fISSL_set_connect_state\fR\|(3) +\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_CTX_set_min_proto_version\fR\|(3), \fBssl\fR\|(7), \fBSSL_set_connect_state\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. |