1.\" $OpenBSD: SSL_CTX_set_min_proto_version.3,v 1.5 2021/04/15 16:40:32 tb Exp $
2.\" full merge up to: OpenSSL 3edabd3c Sep 14 09:28:39 2017 +0200
3.\"
4.\" This file was written by Kurt Roeckx <kurt@roeckx.be> and
5.\" Christian Heimes <christian@python.org>.
6.\" Copyright (c) 2015, 2017 The OpenSSL Project.  All rights reserved.
7.\"
8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\"
12.\" 1. Redistributions of source code must retain the above copyright
13.\"    notice, this list of conditions and the following disclaimer.
14.\"
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in
17.\"    the documentation and/or other materials provided with the
18.\"    distribution.
19.\"
20.\" 3. All advertising materials mentioning features or use of this
21.\"    software must display the following acknowledgment:
22.\"    "This product includes software developed by the OpenSSL Project
23.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24.\"
25.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26.\"    endorse or promote products derived from this software without
27.\"    prior written permission. For written permission, please contact
28.\"    openssl-core@openssl.org.
29.\"
30.\" 5. Products derived from this software may not be called "OpenSSL"
31.\"    nor may "OpenSSL" appear in their names without prior written
32.\"    permission of the OpenSSL Project.
33.\"
34.\" 6. Redistributions of any form whatsoever must retain the following
35.\"    acknowledgment:
36.\"    "This product includes software developed by the OpenSSL Project
37.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38.\"
39.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51.\"
52.Dd $Mdocdate: April 15 2021 $
53.Dt SSL_CTX_SET_MIN_PROTO_VERSION 3
54.Os
55.Sh NAME
56.Nm SSL_CTX_set_min_proto_version ,
57.Nm SSL_CTX_set_max_proto_version ,
58.Nm SSL_CTX_get_min_proto_version ,
59.Nm SSL_CTX_get_max_proto_version ,
60.Nm SSL_set_min_proto_version ,
61.Nm SSL_set_max_proto_version ,
62.Nm SSL_get_min_proto_version ,
63.Nm SSL_get_max_proto_version
64.Nd get and set minimum and maximum supported protocol version
65.Sh SYNOPSIS
66.In openssl/ssl.h
67.Ft int
68.Fo SSL_CTX_set_min_proto_version
69.Fa "SSL_CTX *ctx"
70.Fa "uint16_t version"
71.Fc
72.Ft int
73.Fo SSL_CTX_set_max_proto_version
74.Fa "SSL_CTX *ctx"
75.Fa "uint16_t version"
76.Fc
77.Ft int
78.Fo SSL_CTX_get_min_proto_version
79.Fa "SSL_CTX *ctx"
80.Fc
81.Ft int
82.Fo SSL_CTX_get_max_proto_version
83.Fa "SSL_CTX *ctx"
84.Fc
85.Ft int
86.Fo SSL_set_min_proto_version
87.Fa "SSL *ssl"
88.Fa "uint16_t version"
89.Fc
90.Ft int
91.Fo SSL_set_max_proto_version
92.Fa "SSL *ssl"
93.Fa "uint16_t version"
94.Fc
95.Ft int
96.Fo SSL_get_min_proto_version
97.Fa "SSL *ssl"
98.Fc
99.Ft int
100.Fo SSL_get_max_proto_version
101.Fa "SSL *ssl"
102.Fc
103.Sh DESCRIPTION
These functions get or set the minimum and maximum supported protocol
versions for
.Fa ctx
or
.Fa ssl .
The configured range works in combination with the options set via
.Xr SSL_CTX_set_options 3 ,
which also make it possible to disable specific protocol versions.
A protocol version is only negotiated if it lies within the configured
range and has not been disabled by such an option.
Use these functions instead of disabling specific protocol versions.
113.Pp
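Setting the minimum or maximum version to 0 will enable protocol
versions down to the lowest or up to the highest version supported
by the library, respectively.
A minimum of 0 therefore permits the oldest protocol version the
library still supports; applications that require a newer protocol
floor need to set an explicit minimum version.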
117.Pp
118Currently supported versions are
119.Dv TLS1_VERSION ,
120.Dv TLS1_1_VERSION ,
121and
122.Dv TLS1_2_VERSION
123for TLS and
124.Dv DTLS1_VERSION
125and
126.Dv DTLS1_2_VERSION
127for DTLS.
128.Pp
129In other implementations, these functions may be implemented as macros.
130.Sh RETURN VALUES
The setter functions return 1 on success or 0 on failure.
Callers should check the return value instead of assuming that the
requested limit is in effect.
132.Pp
133The getter functions return the configured version or 0 if
134.Fa ctx
135or
136.Fa ssl
137has been configured to automatically use the lowest or highest
138version supported by the library.
139.Sh SEE ALSO
140.Xr ssl 3 ,
141.Xr SSL_CTX_new 3 ,
142.Xr SSL_CTX_set_options 3
143.Sh HISTORY
144The setter functions first appeared in BoringSSL in December 2014,
145with shorter names without the
146.Sy proto_
147part.
148Two years later, OpenSSL included them in their 1.1.0 release,
149gratuitously changing the names; Google shrugged and adopted
150the longer names one month later.
151They have been available since
152.Ox 6.2 .
153.Pp
154The getter functions first appeared in OpenSSL 1.1.0g
155and have been available since
156.Ox 6.3 .
157