SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN Functions + Their Callbacks

Angus Robertson - Magenta Systems Ltd angus at
Fri Jul 29 16:22:00 UTC 2022

> I don't understand how to write the callback functions some of 
> the OpenSSL ALPN functions expect, and the manual really isn't 
> helping there either, so I'd like some help.

Use SSL_CTX_set_client_hello_cb to set a SSL_client_hello_cb_fn
function, which you can parse to get TLSEXT_TYPE_server_name and
TLSEXT_TYPE_application_layer_protocol_negotiation, and everything else
sent in the Client Hello (if you need it) like SSL versions and ciphers

Within this callback you can change SSL_CTX depending on SNI and ALPN.

Ignore the SNI and ALPN callbacks.  client_hello_cb was only added in
1.1.1 so is often missing from old examples, FAQs and manuals. 


More information about the openssl-users mailing list