28 names are case sensitive. Unless otherwise stated commands can be used by
29 both clients and servers and the B<value> parameter is not used. The default
50 used in security level 1 or lower. From OpenSSL 3.2.0 and above the default
62 Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
68 Only used by servers.
82 Sets B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION>. Only used by servers.
94 Only used by servers. Requires B<-serverpref>.
105 Equivalent to B<SSL_OP_PREFER_NO_DHE_KEX>. Only used by servers.
115 For clients this value is used directly for the supported signature
116 algorithms extension. For servers it is used to determine which signature
141 authentication for TLSv1.2 and TLSv1.3.  For servers the B<algs> is used
143 For clients it is used to determine which signature algorithm to use with
148 value set for B<-sigalgs> will be used instead.
153 the supported groups extension. For servers, it is used to determine which
154 group to use. This setting affects groups used for signatures (in TLSv1.2
155 and earlier) and key exchange. The first group listed will also be used
159 be either the B<NIST> name (e.g. B<P-256>), some other commonly used name
174 This sets the temporary curve used for ephemeral ECDH modes. Only used
289 OpenSSL will automatically detect if a session ticket has been used more than
291 full handshake is forced if a session ticket is used a second or subsequent
293 is only used by servers. Anti-replay measures are required for compliance with
343 These options indicate a file or directory used for building certificate
382 value is used directly for the supported signature algorithms extension. For
383 servers it is used to determine which signature algorithms to support.
409 For servers the value is used in the
412 used to determine which signature algorithm to use with the client certificate.
416 the value set for B<SignatureAlgorithms> will be used instead.
421 sent using the supported groups extension. For servers, it is used
422 to determine which group to use. This setting affects groups used for
424 will also be used for the B<key_share> sent by a client in a TLSv1.3
428 either the B<NIST> name (e.g. B<P-256>), some other commonly used name where
467 This can be used to enable or disable certain versions of the SSL,
518 B<SSL_OP_DH_SINGLE>. Only used by servers.
521 B<SSL_OP_ECDH_SINGLE>. Only used by servers.
526 B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
531 Only used by servers.
534 B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers.
555 B<AllowNoDHEKEX>. Equivalent to B<SSL_OP_PREFER_NO_DHE_KEX>. Only used by
565 has been used more than once, TLSv1.3 has been negotiated, and early data is
566 enabled on the server. A full handshake is forced if a session ticket is used a
567 second or subsequent time. This option is set by default and is only used by
597 a performance boost when used with KTLS hardware offload. Note that invalid TLS
638 A file or directory of certificates in PEM format whose names are used as the
670 The value string is not used e.g. a command line option which doesn't take an
677 The order of operations is significant. This can be used to set either defaults
701 utility function SSL_CONF_cmd_argv() is normally used instead. One way
706 In this case if the return value is positive then it is used to skip that
713 The function SSL_CONF_cmd_value_type() can be used by applications to
722 B<NOT> used and 2 if both B<option> and B<value> are used. In other words it

Last Index update Sun Sep 29 02:06:52 UTC 2024

Dedicated to & Maintained by Room-11