Doubt regarding ssl options

Michael Wojcik Michael.Wojcik at microfocus.com
Mon Jan 31 14:34:03 UTC 2022


> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Jan Just Keijser
> Sent: Monday, 31 January, 2022 03:51
> To: Srinivas, Saketh (c) <ssrinivas at rbbn.com>; openssl-users at openssl.org
> Subject: Re: Doubt regarding ssl options

> On 31/01/22 10:27, Srinivas, Saketh (c) wrote:

> > what is the difference between  SSL_CTX_set_min_proto_version
> > and SSL_set_min_proto_version.

> The effect of SSL_CTX_set_min_proto_version and SSL_set_min_proto_version is
> exactly the same...

More generally: The difference between SSL_CTX_something and SSL_something is that the former operates on an SSL_CTX object, and the latter on an SSL object.

An SSL object controls an SSL connection (more or less). An SSL_CTX object is used to create one or more SSL objects; it serves as a template for those SSL objects.

So if you want to set "something" for multiple SSL objects you will create later, use the SSL_CTX_something function. If you only need to alter the properties of an existing SSL object, use the SSL_something function.

This is a fundamental aspect of the OpenSSL API.

-- 
Michael Wojcik


More information about the openssl-users mailing list