Diffstat (limited to 'secure/lib/libcrypto/man/SSL_CTX_new.3')
-rw-r--r-- secure/lib/libcrypto/man/SSL_CTX_new.3 80
1 files changed, 42 insertions, 38 deletions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CTX_new.3
index ae7108110c86f..a438f6b23f5b4 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_new.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_NEW 3"
-.TH SSL_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -194,12 +198,12 @@ TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_C
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to
+\&\fBSSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to
establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections. An \fB\s-1SSL_CTX\s0\fR object is
reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the first time increments
the reference count. Freeing it (using SSL_CTX_free) decrements it. When the
reference count drops to zero, any memory or resources allocated to the
-\&\fB\s-1SSL_CTX\s0\fR object are freed. \fISSL_CTX_up_ref()\fR increments the reference count for
+\&\fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR increments the reference count for
an existing \fB\s-1SSL_CTX\s0\fR structure.
.SH "NOTES"
.IX Header "NOTES"
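
Review bot: In the DESCRIPTION paragraph, "Freeing it (using SSL_CTX_free)" is still plain text with no font markup or section number, while every other function name in this hunk now renders as \fB...\fR. Because the file is generated by Pod::Man, the fix belongs in the source pod: write it as a manual reference so it comes out as SSL_CTX_free(3), matching the SEE ALSO entry.
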
@@ -207,7 +211,7 @@ The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method.
The methods exist in a generic type (for client and server use), a server only
type, and a client only type.
\&\fBmethod\fR can be of the following types:
-.IP "\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR" 4
+.IP "\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR" 4
.IX Item "TLS_method(), TLS_server_method(), TLS_client_method()"
These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods.
The actual protocol version used will be negotiated to the highest version
@@ -215,53 +219,53 @@ mutually supported by the client and the server.
The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
Applications should use these methods, and avoid the version-specific
methods described below.
-.IP "\fISSLv23_method()\fR, \fISSLv23_server_method()\fR, \fISSLv23_client_method()\fR" 4
+.IP "\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR, \fBSSLv23_client_method()\fR" 4
.IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()"
Use of these functions is deprecated. They have been replaced with the above
-\&\fITLS_method()\fR, \fITLS_server_method()\fR and \fITLS_client_method()\fR respectively. New
+\&\fBTLS_method()\fR, \fBTLS_server_method()\fR and \fBTLS_client_method()\fR respectively. New
code should use those functions instead.
-.IP "\fITLSv1_2_method()\fR, \fITLSv1_2_server_method()\fR, \fITLSv1_2_client_method()\fR" 4
+.IP "\fBTLSv1_2_method()\fR, \fBTLSv1_2_server_method()\fR, \fBTLSv1_2_client_method()\fR" 4
.IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()"
A \s-1TLS/SSL\s0 connection established with these methods will only understand the
TLSv1.2 protocol.
-.IP "\fITLSv1_1_method()\fR, \fITLSv1_1_server_method()\fR, \fITLSv1_1_client_method()\fR" 4
+.IP "\fBTLSv1_1_method()\fR, \fBTLSv1_1_server_method()\fR, \fBTLSv1_1_client_method()\fR" 4
.IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()"
A \s-1TLS/SSL\s0 connection established with these methods will only understand the
TLSv1.1 protocol.
-.IP "\fITLSv1_method()\fR, \fITLSv1_server_method()\fR, \fITLSv1_client_method()\fR" 4
+.IP "\fBTLSv1_method()\fR, \fBTLSv1_server_method()\fR, \fBTLSv1_client_method()\fR" 4
.IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()"
A \s-1TLS/SSL\s0 connection established with these methods will only understand the
TLSv1 protocol.
-.IP "\fISSLv3_method()\fR, \fISSLv3_server_method()\fR, \fISSLv3_client_method()\fR" 4
+.IP "\fBSSLv3_method()\fR, \fBSSLv3_server_method()\fR, \fBSSLv3_client_method()\fR" 4
.IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()"
A \s-1TLS/SSL\s0 connection established with these methods will only understand the
SSLv3 protocol.
The SSLv3 protocol is deprecated and should not be used.
-.IP "\fIDTLS_method()\fR, \fIDTLS_server_method()\fR, \fIDTLS_client_method()\fR" 4
+.IP "\fBDTLS_method()\fR, \fBDTLS_server_method()\fR, \fBDTLS_client_method()\fR" 4
.IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()"
These are the version-flexible \s-1DTLS\s0 methods.
Currently supported protocols are \s-1DTLS 1.0\s0 and \s-1DTLS 1.2.\s0
-.IP "\fIDTLSv1_2_method()\fR, \fIDTLSv1_2_server_method()\fR, \fIDTLSv1_2_client_method()\fR" 4
+.IP "\fBDTLSv1_2_method()\fR, \fBDTLSv1_2_server_method()\fR, \fBDTLSv1_2_client_method()\fR" 4
.IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()"
These are the version-specific methods for DTLSv1.2.
-.IP "\fIDTLSv1_method()\fR, \fIDTLSv1_server_method()\fR, \fIDTLSv1_client_method()\fR" 4
+.IP "\fBDTLSv1_method()\fR, \fBDTLSv1_server_method()\fR, \fBDTLSv1_client_method()\fR" 4
.IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()"
These are the version-specific methods for DTLSv1.
.PP
-\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the
+\&\fBSSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the
callbacks, the keys and certificates and the options to their default values.
.PP
-\&\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR, \fIDTLS_method()\fR,
-\&\fIDTLS_server_method()\fR and \fIDTLS_client_method()\fR are the \fIversion-flexible\fR
+\&\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR, \fBDTLS_method()\fR,
+\&\fBDTLS_server_method()\fR and \fBDTLS_client_method()\fR are the \fIversion-flexible\fR
methods.
All other methods only support one specific protocol version.
Use the \fIversion-flexible\fR methods instead of the version specific methods.
.PP
If you want to limit the supported protocols for the version flexible
-methods you can use \fISSL_CTX_set_min_proto_version\fR\|(3),
-\&\fISSL_set_min_proto_version\fR\|(3), \fISSL_CTX_set_max_proto_version\fR\|(3) and
-\&\fISSL_set_max_proto_version\fR\|(3) functions.
-Using these functions it is possible to choose e.g. \fITLS_server_method()\fR
+methods you can use \fBSSL_CTX_set_min_proto_version\fR\|(3),
+\&\fBSSL_set_min_proto_version\fR\|(3), \fBSSL_CTX_set_max_proto_version\fR\|(3) and
+\&\fBSSL_set_max_proto_version\fR\|(3) functions.
+Using these functions it is possible to choose e.g. \fBTLS_server_method()\fR
and be able to negotiate with all possible clients, but to only
allow newer protocols like \s-1TLS 1.0, TLS 1.1, TLS 1.2\s0 or \s-1TLS 1.3.\s0
.PP
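
Review bot: The example that closes this hunk says restricting versions lets a server "only allow newer protocols like TLS 1.0, TLS 1.1, TLS 1.2 or TLS 1.3", but that list is every TLS version the page names as supported, so the only protocol it excludes is SSLv3. The sentence should say that directly, or show a higher floor, so readers do not take "newer" as a recommendation for all four. A smaller style point in the same hunk: "version-flexible" is hyphenated in some sentences while "version flexible" and "version specific" are not; pick one form in the pod source.
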
@@ -269,7 +273,7 @@ The list of protocols available can also be limited using the
\&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR,
\&\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR
options of the
-\&\fISSL_CTX_set_options\fR\|(3) or \fISSL_set_options\fR\|(3) functions, but this approach
+\&\fBSSL_CTX_set_options\fR\|(3) or \fBSSL_set_options\fR\|(3) functions, but this approach
is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of
protocols they support. When disabling a protocol, make sure that you also
disable either all previous or all subsequent protocol versions.
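
Review bot: The option list in the unchanged lines at the top of this hunk names SSL_OP_NO_TLSv1_3 twice and out of order ("\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR"). The change edits the line directly below it but carries the duplicate forward. The list should read SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_3, corrected in the pod source this page is generated from rather than in the generated file.
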
@@ -278,7 +282,7 @@ previous protocol versions, the effect is to also disable all subsequent
protocol versions.
.PP
The SSLv3 protocol is deprecated and should generally not be used.
-Applications should typically use \fISSL_CTX_set_min_proto_version\fR\|(3) to set
+Applications should typically use \fBSSL_CTX_set_min_proto_version\fR\|(3) to set
the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
@@ -291,22 +295,22 @@ the reason.
.IX Item "Pointer to an SSL_CTX object"
The return value points to an allocated \s-1SSL_CTX\s0 object.
.Sp
-\&\fISSL_CTX_up_ref()\fR returns 1 for success and 0 for failure.
+\&\fBSSL_CTX_up_ref()\fR returns 1 for success and 0 for failure.
.SH "HISTORY"
.IX Header "HISTORY"
-Support for SSLv2 and the corresponding \fISSLv2_method()\fR,
-\&\fISSLv2_server_method()\fR and \fISSLv2_client_method()\fR functions where
+Support for SSLv2 and the corresponding \fBSSLv2_method()\fR,
+\&\fBSSLv2_server_method()\fR and \fBSSLv2_client_method()\fR functions where
removed in OpenSSL 1.1.0.
.PP
-\&\fISSLv23_method()\fR, \fISSLv23_server_method()\fR and \fISSLv23_client_method()\fR
-were deprecated and the preferred \fITLS_method()\fR, \fITLS_server_method()\fR
-and \fITLS_client_method()\fR functions were introduced in OpenSSL 1.1.0.
+\&\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR and \fBSSLv23_client_method()\fR
+were deprecated and the preferred \fBTLS_method()\fR, \fBTLS_server_method()\fR
+and \fBTLS_client_method()\fR functions were introduced in OpenSSL 1.1.0.
.PP
All version-specific methods were deprecated in OpenSSL 1.1.0.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3),
-\&\fISSL_CTX_set_min_proto_version\fR\|(3), \fIssl\fR\|(7), \fISSL_set_connect_state\fR\|(3)
+\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), \fBSSL_accept\fR\|(3),
+\&\fBSSL_CTX_set_min_proto_version\fR\|(3), \fBssl\fR\|(7), \fBSSL_set_connect_state\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
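
Review bot: The HISTORY paragraph's new line still reads "functions where removed in OpenSSL 1.1.0"; "where" should be "were". The font change rewrote this exact line, so the typo was carried into the added text and should be fixed in the pod source. Also note that the COPYRIGHT line remains "2000\-2018" although the .TH header in this same diff moves the page date to 2019-02-26; confirm that matches the source pod.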