2 ''' $RCSfile$$Revision$$Date$
20 .ie \\n(.$>=3 .ne \\$3
36 ''' Set up \*(-- to give an unbreakable dash;
37 ''' string Tr holds user defined translation string.
38 ''' Bell System Logo is used as a dummy character.
44 .if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
45 .if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
48 ''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
49 ''' \*(L" and \*(R", except that they are used on ".xx" lines,
50 ''' such as .IP and .SH, which do an additional level of
51 ''' double-quote interpretation
80 .\" If the F register is turned on, we'll generate
81 .\" index entries on stderr for the following things:
86 .\" X<> Xref (embedded
87 .\" Of course, you have to process the output yourself
88 .\" in some meaningful fashion.
91 .tm Index:\\$1\t\\n%\t"\\$2"
96 .TH SSL_CTX_new 3 "0.9.7d" "2/Sep/2004" "OpenSSL"
100 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
101 .de CQ \" put $1 in typewriter font
107 \\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
110 .\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
111 . \" AM - accent mark definitions
113 . \" fudge factors for nroff and troff
122 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
128 . \" simple accents for nroff and troff
141 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
142 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
143 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
144 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
145 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
146 . ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
147 . ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
148 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
149 . ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
151 . \" troff and (daisy-wheel) nroff accents
152 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
153 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
154 .ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
155 .ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
156 .ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
157 .ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
158 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
159 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
160 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
161 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
162 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
163 .ds ae a\h'-(\w'a'u*4/10)'e
164 .ds Ae A\h'-(\w'A'u*4/10)'E
165 .ds oe o\h'-(\w'o'u*4/10)'e
166 .ds Oe O\h'-(\w'O'u*4/10)'E
167 . \" corrections for vroff
168 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
169 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
170 . \" for low resolution devices (crt and lpr)
171 .if \n(.H>23 .if \n(.V>19 \
175 . ds v \h'-1'\o'\(aa\(ga'
191 SSL_CTX_new \- create a new SSL_CTX object as framework for TLS/SSL enabled functions
195 \& #include <openssl/ssl.h>
198 \& SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
201 \fISSL_CTX_new()\fR creates a new \fBSSL_CTX\fR object as framework to establish
202 TLS/SSL enabled connections.
204 The SSL_CTX object uses \fBmethod\fR as connection method. The methods exist
205 in a generic type (for client and server use), a server only type, and a
206 client only type. \fBmethod\fR can be of the following types:
207 .Ip "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4
208 A \s-1TLS/SSL\s0 connection established with these methods will only understand
209 the SSLv2 protocol. A client will send out SSLv2 client hello messages
210 and will also indicate that it only understands SSLv2. A server will only
211 understand SSLv2 client hello messages.
212 .Ip "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4
213 A \s-1TLS/SSL\s0 connection established with these methods will only understand the
214 SSLv3 protocol. A client will send out SSLv3 client hello messages
215 and will indicate that it only understands SSLv3. A server will only understand
216 SSLv3 client hello messages. In particular, this means that it will
217 not understand SSLv2 client hello messages which are widely used for
218 compatibility reasons, see SSLv23_*\fI_method()\fR.
219 .Ip "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4
220 A \s-1TLS/SSL\s0 connection established with these methods will only understand the
221 TLSv1 protocol. A client will send out TLSv1 client hello messages
222 and will indicate that it only understands TLSv1. A server will only understand
223 TLSv1 client hello messages. In particular, this means that it will
224 not understand SSLv2 client hello messages which are widely used for
225 compatibility reasons, see SSLv23_*\fI_method()\fR. It will also not understand
226 SSLv3 client hello messages.
227 .Ip "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4
228 A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2,
229 SSLv3, and TLSv1 protocols. A client will send out SSLv2 client hello messages
230 and will indicate that it also understands SSLv3 and TLSv1. A server will
231 understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
232 choice when compatibility is a concern.
234 The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
235 SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the \fBSSL_CTX_set_options()\fR or
236 \fBSSL_set_options()\fR functions. Using these options it is possible to choose
237 e.g. \fISSLv23_server_method()\fR and be able to negotiate with all possible
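238 clients, but to only allow newer protocols like SSLv3 or TLSv1. Note that SSLv2 has known protocol weaknesses (its use was later prohibited by RFC 6176, and SSLv3 was deprecated by RFC 7568), so an application that does not need to interoperate with legacy peers should set at least SSL_OP_NO_SSLv2 on the context.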
240 \fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting,
241 the callbacks, the keys and certificates, and the options to its default
244 The following return values can occur:
246 The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to
248 .Ip "Pointer to an \s-1SSL_CTX\s0 object" 4
249 The return value points to an allocated \s-1SSL_CTX\s0 object.
251 SSL_CTX_free(3), SSL_accept(3),
252 ssl(3), SSL_set_connect_state(3)
255 .IX Title "SSL_CTX_new 3"
256 .IX Name "SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions"
260 .IX Header "SYNOPSIS"
262 .IX Header "DESCRIPTION"
266 .IX Item "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)"
268 .IX Item "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)"
270 .IX Item "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)"
272 .IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)"
274 .IX Header "RETURN VALUES"
276 .IX Item "\s-1NULL\s0"
278 .IX Item "Pointer to an \s-1SSL_CTX\s0 object"
280 .IX Header "SEE ALSO"