Go to main content

man pages section 3: Extended Library Functions, Volume 1

Exit Print View

Updated: Wednesday, July 27, 2022
 
 

SSL_CTX_set_mode (3openssl)

Name

SSL_CTX_set_mode - manipulate SSL engine mode

Synopsis

#include <openssl/ssl.h>

long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
long SSL_set_mode(SSL *ssl, long mode);

long SSL_CTX_get_mode(SSL_CTX *ctx);
long SSL_get_mode(SSL *ssl);

Description

OpenSSL                                             SSL_CTX_set_mode(3openssl)



NAME
       SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode -
       manipulate SSL engine mode

SYNOPSIS
        #include <openssl/ssl.h>

        long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
        long SSL_set_mode(SSL *ssl, long mode);

        long SSL_CTX_get_mode(SSL_CTX *ctx);
        long SSL_get_mode(SSL *ssl);

DESCRIPTION
       SSL_CTX_set_mode() adds the mode set via bitmask in mode to ctx.
       Options already set before are not cleared.

       SSL_set_mode() adds the mode set via bitmask in mode to ssl.  Options
       already set before are not cleared.

       SSL_CTX_get_mode() returns the mode set for ctx.

       SSL_get_mode() returns the mode set for ssl.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+--------------------------+
       |ATTRIBUTE TYPE |     ATTRIBUTE VALUE      |
       +---------------+--------------------------+
       |Availability   | library/security/openssl |
       +---------------+--------------------------+
       |Stability      | Pass-through uncommitted |
       +---------------+--------------------------+

NOTES
       The following mode changes are available:

       SSL_MODE_ENABLE_PARTIAL_WRITE
           Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report
           success when just a single record has been written). When not set
           (the default), SSL_write() will only report success once the
           complete chunk was written.  Once SSL_write() returns with r, r
           bytes have been successfully written and the next call to
           SSL_write() must only send the n-r bytes left, imitating the
           behaviour of write().

       SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
           Make it possible to retry SSL_write() with changed buffer location
           (the buffer contents must stay the same). This is not the default
           to avoid the misconception that non-blocking SSL_write() behaves
           like non-blocking write().

       SSL_MODE_AUTO_RETRY
           Never bother the application with retries if the transport is
           blocking.  If a renegotiation take place during normal operation, a
           SSL_read(3) or SSL_write(3) would return with -1 and indicate the
           need to retry with SSL_ERROR_WANT_READ.  In a non-blocking
           environment applications must be prepared to handle incomplete
           read/write operations.  In a blocking environment, applications are
           not always prepared to deal with read/write operations returning
           without success report. The flag SSL_MODE_AUTO_RETRY will cause
           read/write operations to only return after the handshake and
           successful completion.

       SSL_MODE_RELEASE_BUFFERS
           When we no longer need a read buffer or a write buffer for a given
           SSL, then release the memory we were using to hold it.  Released
           memory is either appended to a list of unused RAM chunks on the
           SSL_CTX, or simply freed if the list of unused chunks would become
           longer than SSL_CTX->freelist_max_len, which defaults to 32.  Using
           this flag can save around 34k per idle SSL connection.  This flag
           has no effect on SSL v2 connections, or on DTLS connections.

       SSL_MODE_SEND_FALLBACK_SCSV
           Send TLS_FALLBACK_SCSV in the ClientHello.  To be set only by
           applications that reconnect with a downgraded protocol version; see
           draft-ietf-tls-downgrade-scsv-00 for details.

           DO NOT ENABLE THIS if your application attempts a normal handshake.
           Only use this in explicit fallback retries, following the guidance
           in draft-ietf-tls-downgrade-scsv-00.

           Source code for open source software components in Oracle Solaris
           can be found at
           https://www.oracle.com/downloads/opensource/solaris-source-code-
           downloads.html.

           This software was built from source available at
           https://github.com/oracle/solaris-userland.  The original community
           source was downloaded from
           https://www.openssl.org/source/openssl-1.0.2ze.tar.gz.

           Further information about this software can be found on the open
           source community website at https://www.openssl.org/.

RETURN VALUES
       SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask after
       adding mode.

       SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.

SEE ALSO
       ssl(3), SSL_read(3), SSL_write(3)

HISTORY
       SSL_MODE_AUTO_RETRY as been added in OpenSSL 0.9.6.




1.0.2ze                           2022-05-03
                                                    SSL_CTX_set_mode(3openssl)
Copyright © 1993, 2022, Oracle and/or its affiliates.  
Previous
Next