blob: d420ab0b6336d149581a13aea09c75461c5ab43b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
=pod
=head1 NAME
SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_is_tls, SSL_is_quic,
SSL_version - get the protocol information of a connection
=head1 SYNOPSIS
#include <openssl/ssl.h>
int SSL_client_version(const SSL *s);
const char *SSL_get_version(const SSL *ssl);
int SSL_is_dtls(const SSL *ssl);
int SSL_is_tls(const SSL *ssl);
int SSL_is_quic(const SSL *ssl);
int SSL_version(const SSL *s);
=head1 DESCRIPTION
SSL_client_version() returns the numeric protocol version advertised by the
client in the legacy_version field of the ClientHello when initiating the
connection. Note that, for TLS, this value will never indicate a version greater
than TLSv1.2 even if TLSv1.3 is subsequently negotiated. SSL_get_version()
returns the name of the protocol used for the connection. SSL_version() returns
the numeric protocol version used for the connection. They should only be called
after the initial handshake has been completed. Prior to that the results
returned from these functions may be unreliable.
SSL_is_dtls() returns 1 if the connection is using DTLS or 0 if not.
SSL_is_tls() returns 1 if the connection is using SSL/TLS or 0 if not.
SSL_is_quic() returns 1 if the connection is using QUIC or 0 if not.
=head1 RETURN VALUES
SSL_get_version() returns one of the following strings:
=over 4
=item SSLv3
The connection uses the SSLv3 protocol.
=item TLSv1
The connection uses the TLSv1.0 protocol.
=item TLSv1.1
The connection uses the TLSv1.1 protocol.
=item TLSv1.2
The connection uses the TLSv1.2 protocol.
=item TLSv1.3
The connection uses the TLSv1.3 protocol.
=item DTLSv0.9
The connection uses an obsolete pre-standardisation DTLS protocol
=item DTLSv1
The connection uses the DTLSv1 protocol
=item DTLSv1.2
The connection uses the DTLSv1.2 protocol
=item QUICv1
The connection uses the QUICv1 protocol.
=item unknown
This indicates an unknown protocol version.
=back
SSL_version() and SSL_client_version() return an integer which could include any
of the following:
=over 4
=item SSL3_VERSION
The connection uses the SSLv3 protocol.
=item TLS1_VERSION
The connection uses the TLSv1.0 protocol.
=item TLS1_1_VERSION
The connection uses the TLSv1.1 protocol.
=item TLS1_2_VERSION
The connection uses the TLSv1.2 protocol.
=item TLS1_3_VERSION
The connection uses the TLSv1.3 protocol (never returned for
SSL_client_version()).
=item DTLS1_BAD_VER
The connection uses an obsolete pre-standardisation DTLS protocol
=item DTLS1_VERSION
The connection uses the DTLSv1 protocol
=item DTLS1_2_VERSION
The connection uses the DTLSv1.2 protocol
=item OSSL_QUIC1_VERSION
The connection uses the QUICv1 protocol (never returned for
SSL_client_version()).
=back
=head1 SEE ALSO
L<ssl(7)>
=head1 HISTORY
The SSL_is_dtls() function was added in OpenSSL 1.1.0. The SSL_is_tls() and
SSL_is_quic() functions were added in OpenSSL 3.2.
=head1 COPYRIGHT
Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
|
