Diffstat (limited to 'doc/ssl')
-rw-r--r-- | doc/ssl/SSL_CONF_cmd.pod | 8 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_new.pod | 6 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_set_min_proto_version.pod | 5 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_set_options.pod | 3 | ||||
-rw-r--r-- | doc/ssl/ssl.pod | 12 |
5 files changed, 22 insertions, 12 deletions
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index 9feaa28103..a74117df0d 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -318,8 +318,9 @@ sure to also leave TLS 1.1 enabled.
 =item B<Options> The B<value> argument is a comma separated list of various flags to set.
-If a flag string is preceded B<-> it is disabled. See the
-B<SSL_CTX_set_options> function for more details of individual options.
+If a flag string is preceded B<-> it is disabled.
+See the L<SSL_CTX_set_options(3)> function for more details of
+individual options. Each option is listed below. Where an operation is enabled by default the B<-flag> syntax is needed to disable it.
@@ -527,7 +528,8 @@ L<SSL_CONF_CTX_new(3)>, L<SSL_CONF_CTX_set_flags(3)>, L<SSL_CONF_CTX_set1_prefix(3)>, L<SSL_CONF_CTX_set_ssl_ctx(3)>,
-L<SSL_CONF_cmd_argv(3)>
+L<SSL_CONF_cmd_argv(3)>,
+L<SSL_CTX_set_options(3)>
 =head1 HISTORY
diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
index 136f97b366..53f621685e 100644
--- a/doc/ssl/SSL_CTX_new.pod
+++ b/doc/ssl/SSL_CTX_new.pod
@@ -139,9 +139,9 @@ If you want to limit the supported protocols for the version flexible methods you can use SSL_CTX_set_min_proto_version(), SSL_set_min_proto_version(), SSL_CTX_set_max_proto_version() and SSL_set_max_proto_version() functions.
-They can also be limited using by using an option like SSL_OP_NO_SSLv3
-of the SSL_CTX_set_options() or SSL_set_options() functions, but
-that's not recommended.
+They can also be limited by setting an option like B<SSL_OP_NO_SSLv3>
+via the L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions,
+but that's not recommended. Using these functions it is possible to choose e.g. TLS_server_method() and be able to negotiate with all possible clients, but to only allow newer protocols like TLS 1.0, TLS 1.1 or TLS 1.2.
diff --git a/doc/ssl/SSL_CTX_set_min_proto_version.pod b/doc/ssl/SSL_CTX_set_min_proto_version.pod
index 25f9cca23d..535ae83e7a 100644
--- a/doc/ssl/SSL_CTX_set_min_proto_version.pod
+++ b/doc/ssl/SSL_CTX_set_min_proto_version.pod
@@ -19,8 +19,9 @@ and maximum supported protocol version The functions set the minimum and maximum supported portocol versions for the B<ctx> or B<ssl>.
-This works in combination with the options set via SSL_CTX_set_options()
-that also make it possible to disable specific protocol versions.
+This works in combination with the options set via
+L<SSL_CTX_set_options(3)> that also make it possible to disable
+specific protocol versions. Use these functions instead of disabling specific protocol versions. Setting the minimum or maximum version to 0, will enable protocol
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index 56f62cc59f..c1325681e2 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -23,8 +23,6 @@ SSL_get_secure_renegotiation_support - manipulate SSL options
 =head1 DESCRIPTION
-Note: all these functions are implemented using macros. SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>. Options already set before are not cleared!
@@ -42,6 +40,7 @@ SSL_get_options() returns the options set for B<ssl>. SSL_get_secure_renegotiation_support() indicates whether the peer supports secure renegotiation.
+Note, this is implemented via a macro.
 =head1 NOTES
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 0d29b54bdd..33133ff78f 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -315,7 +315,11 @@ Use the file path to locate trusted CA certficates.
 =item void B<SSL_CTX_set_msg_callback_arg>(SSL_CTX *ctx, void *arg);
-=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
+=item unsigned long B<SSL_CTX_clear_options>(SSL_CTX *ctx, unsigned long op);
+
+=item unsigned long B<SSL_CTX_get_options>(SSL_CTX *ctx);
+
+=item unsigned long B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
 =item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode); 
@@ -596,7 +600,11 @@ fresh handle for each connection.
 =item void B<SSL_set_msg_callback_arg>(SSL *ctx, void *arg);
-=item void B<SSL_set_options>(SSL *ssl, unsigned long op);
+=item unsigned long B<SSL_clear_options>(SSL *ssl, unsigned long op);
+
+=item unsigned long B<SSL_get_options>(SSL *ssl);
+
+=item unsigned long B<SSL_set_options>(SSL *ssl, unsigned long op);
 =item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode); |