SSL_CTX_new(3)SSL_CTX_new(3)NAMESSL_CTX_new - Create a new SSL_CTX object as framework for TLS/SSL
enabled functions
SYNOPSIS
#include <openssl/ssl.h>
SSL_CTX *SSL_CTX_new(
SSL_METHOD *method );
DESCRIPTION
The SSL_CTX_new() function creates a new SSL_CTX object as framework to
establish TLS/SSL enabled connections.
NOTES
The SSL_CTX object uses method as connection method. The methods exist
in a generic type (for client and server use), a server only type, and
a client only type. The method can be of the following types: A TLS/SSL
connection established with these methods will only understand the
SSLv2 protocol. A client will send out SSLv2 client hello messages and
will also indicate that it only understand SSLv2. A server will only
understand SSLv2 client hello messages. A TLS/SSL connection estab‐
lished with these methods will only understand the SSLv3 protocol. A
client will send out SSLv3 client hello messages and will indicate that
it only understands SSLv3. A server will only understand SSLv3 client
hello messages. This especially means, that it will not understand
SSLv2 client hello messages which are widely used for compatibility
reasons. See SSLv23_*_method(). A TLS/SSL connection established with
these methods will only understand the TLSv1 protocol. A client will
send out TLSv1 client hello messages and will indicate that it only
understands TLSv1. A server will only understand TLSv1 client hello
messages. This especially means, that it will not understand SSLv2
client hello messages which are widely used for compatibility reasons,
see SSLv23_*_method(). It will also not understand SSLv3 client hello
messages. A TLS/SSL connection established with these methods will
understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out
SSLv2 client hello messages and will indicate that it also understands
SSLv3 and TLSv1. A server will understand SSLv2, SSLv3, and TLSv1
client hello messages. This is the best choice when compatibility is a
concern.
The list of protocols available can later be limited using the
SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the
SSL_CTX_set_options() or SSL_set_options() functions. Using these
options, it is possible to choose the SSLv23_server_method() function,
for example, and be able to negotiate with all possible clients, but to
only allow newer protocols like SSLv3 or TLSv1.
The SSL_CTX_new() function initializes the list of ciphers, the session
cache setting, the callbacks, the keys and certificates, and the
options to its default values.
RETURN VALUES
The following return values can occur: The creation of a new SSL_CTX
object failed. Check the error stack to determine the reason. The
return value points to an allocated SSL_CTX object.
SEE ALSO
Functions: SSL_CTX_free(3), SSL_accept(3), ssl(3), SSL_set_con‐
nect_state(3)SSL_CTX_new(3)