SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode
 #include <openssl/ssl.h>

 long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
 long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode);
 long SSL_set_mode(SSL *ssl, long mode);
 long SSL_clear_mode(SSL *ssl, long mode);

 long SSL_CTX_get_mode(SSL_CTX *ctx);
 long SSL_get_mode(SSL *ssl);
SSL_CTX_set_mode() adds the modes given as a bit mask in mode to ctx. Modes that were already set are not cleared. SSL_CTX_clear_mode() removes the modes given as a bit mask in mode from ctx.
SSL_set_mode() adds the modes given as a bit mask in mode to ssl. Modes that were already set are not cleared. SSL_clear_mode() removes the modes given as a bit mask in mode from ssl.
SSL_CTX_get_mode() returns the mode set for ctx.
SSL_get_mode() returns the mode set for ssl.
The following mode changes are available:
In a nonblocking environment applications must be prepared to handle incomplete read/write operations. Setting SSL_MODE_AUTO_RETRY for a nonblocking BIO will process non-application data records until either no more data is available or an application data record has been processed.
In a blocking environment, applications are not always prepared to deal with the functions returning intermediate reports such as retry requests, and setting the SSL_MODE_AUTO_RETRY flag will cause the functions to only return after successfully processing an application data record or a failure.
Turning off SSL_MODE_AUTO_RETRY can be useful with blocking BIOs in case they are used in combination with something like select() or poll(). Otherwise the call to SSL_read() or SSL_read_ex() might hang when a non-application record was sent and no application data was sent.
DO NOT ENABLE THIS if your application attempts a normal handshake. Only use this in explicit fallback retries, following the guidance in draft-ietf-tls-downgrade-scsv-00.
All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by default since 1.1.1.
SSL_CTX_set_mode() and SSL_set_mode() return the new mode bit mask after adding mode.
SSL_CTX_get_mode() and SSL_get_mode() return the current bit mask.
SSL_MODE_ASYNC was added in OpenSSL 1.1.0.
Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.