        SSL_CTX_new - Create a new SSL_CTX object as framework for
       TLS/SSL enabled functions
       #include <openssl/ssl.h>
       SSL_CTX *SSL_CTX_new(
               SSL_METHOD *method );
       The SSL_CTX_new() function creates a new SSL_CTX object as
       framework to establish TLS/SSL enabled connections.
       The SSL_CTX object uses method as connection method. The
       methods exist in a generic type (for client and server
       use), a server only type, and a client only type. The
       method can be of the following types:

       A TLS/SSL connection established with these methods will
       only understand the SSLv2 protocol. A client will send out
       SSLv2 client hello messages and will also indicate that it
       only understands SSLv2. A server will only understand
       SSLv2 client hello messages.

       A TLS/SSL connection established with these methods will
       only understand the SSLv3 protocol. A client will send out
       SSLv3 client hello messages and will indicate that it only
       understands SSLv3. A server will only understand SSLv3
       client hello messages. In particular, it will not
       understand SSLv2 client hello messages, which are widely
       used for compatibility reasons. See SSLv23_*_method().

       A TLS/SSL connection established with these methods will
       only understand the TLSv1 protocol. A client will send out
       TLSv1 client hello messages and will indicate that it only
       understands TLSv1. A server will only understand TLSv1
       client hello messages. In particular, it will not
       understand SSLv2 client hello messages, which are widely
       used for compatibility reasons; see SSLv23_*_method(). It
       will also not understand SSLv3 client hello messages.

       A TLS/SSL connection established with these methods will
       understand the SSLv2, SSLv3, and TLSv1 protocols. A client
       will send out SSLv2 client hello messages and will
       indicate that it also understands SSLv3 and TLSv1. A
       server will understand SSLv2, SSLv3, and TLSv1 client
       hello messages. This is the best choice when compatibility
       is a concern.

       The list of protocols available can later be limited using
       the SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1
       options of the SSL_CTX_set_options() or SSL_set_options()
       functions. Using these options, it is possible to choose
       the SSLv23_server_method() function, for example, and be
       able to negotiate with all possible clients, but to only
       allow newer protocols like SSLv3 or TLSv1.

       The SSL_CTX_new() function initializes the list of
       ciphers, the session cache setting, the callbacks, the
       keys and certificates, and the options to its default
       values.

       The following return values can occur:

       The creation of a new SSL_CTX object failed. Check the
       error stack to determine the reason.

       The return value points to an allocated SSL_CTX object.

       Functions:   SSL_CTX_free(3),    SSL_accept(3),    ssl(3),
       SSL_set_connect_state(3)
                                                   SSL_CTX_new(3)