1=pod 2 3=head1 NAME 4 5SSL_CTX_set_domain_flags, SSL_CTX_get_domain_flags, SSL_get_domain_flags, 6SSL_DOMAIN_FLAG_SINGLE_THREAD, 7SSL_DOMAIN_FLAG_MULTI_THREAD, 8SSL_DOMAIN_FLAG_THREAD_ASSISTED, 9SSL_DOMAIN_FLAG_BLOCKING, 10SSL_DOMAIN_FLAG_LEGACY_BLOCKING 11- control the concurrency model used by a QUIC domain 12 13=head1 SYNOPSIS 14 15 #include <openssl/ssl.h> 16 17 #define SSL_DOMAIN_FLAG_SINGLE_THREAD 18 #define SSL_DOMAIN_FLAG_MULTI_THREAD 19 #define SSL_DOMAIN_FLAG_LEGACY_BLOCKING 20 #define SSL_DOMAIN_FLAG_BLOCKING 21 #define SSL_DOMAIN_FLAG_THREAD_ASSISTED 22 23 int SSL_CTX_set_domain_flags(SSL_CTX *ctx, uint64_t flags); 24 int SSL_CTX_get_domain_flags(SSL_CTX *ctx, uint64_t *flags); 25 26 int SSL_get_domain_flags(SSL *ssl, uint64_t *flags); 27 28=head1 DESCRIPTION 29 30SSL_CTX_set_domain_flags() and SSL_CTX_get_domain_flags() set and get the QUIC 31domain flags on a B<SSL_CTX> using a QUIC B<SSL_METHOD>. These flags determine 32the concurrency model which is used for a QUIC domain. A detailed introduction 33to these concepts can be found in L<openssl-quic-concurrency(7)>. 34 35Applications may use either one the flags here: 36 37=over 4 38 39=item B<SSL_DOMAIN_FLAG_SINGLE_THREAD> 40 41Specifying this flag configures the Single-Threaded Concurrency Model (SCM). 42 43=item B<SSL_DOMAIN_FLAG_MULTI_THREAD> 44 45Speciyfing this flag configures the Contentive Concurrency Model (CCM) (unless 46B<SSL_DOMAIN_FLAG_THREAD_ASSISTED> is also specified). 47 48If OpenSSL was built without thread support, this is identical to 49B<SSL_DOMAIN_FLAG_SINGLE_THREAD>. 50 51=item B<SSL_DOMAIN_FLAG_THREAD_ASSISTED> 52 53Specifying this flag configures the Thread-Assisted Concurrency Model (TACM). 54It implies B<SSL_DOMAIN_FLAG_MULTI_THREAD> and B<SSL_DOMAIN_FLAG_BLOCKING>. 55 56This concurrency model is not available if OpenSSL was built without thread 57support, in which case attempting to configure it will result in an error. 58 59=item B<SSL_DOMAIN_FLAG_BLOCKING> 60 61Enable reliable support for blocking I/O calls, allocating whatever OS resources 62are necessary to realise this. If this flag is specified, 63B<SSL_DOMAIN_FLAG_LEGACY_BLOCKING> is ignored. 64 65=item B<SSL_DOMAIN_FLAG_LEGACY_BLOCKING> 66 67Enables legacy blocking compatibility mode. See 68L<openssl-quic-concurrency(7)/Legacy Blocking Support Compatibility>. 69 70=back 71 72Mutually exclusive flag combinations result in an error (for example, combining 73B<SSL_DOMAIN_FLAG_SINGLE_THREAD> and B<SSL_DOMAIN_FLAG_MULTI_THREADED>). 74 75Because exactly one concurrency model must be chosen, the domain flags cannot be 76set to 0 and attempting to do so will result in an error. 77 78Changing these flags using SSL_CTX_set_domain_flags() has no effect on QUIC 79domains which have already been created. 80 81The default set of domain flags set on a newly created B<SSL_CTX> may vary by 82OpenSSL version, chosen B<SSL_METHOD>, and operating environment. See 83L<openssl-quic-concurrency(7)> for details. An application can retrieve the 84default domain flags by calling SSL_CTX_get_domain_flags() immediately after 85constructing a B<SSL_CTX>. 86 87SSL_get_domain_flags() retrieves the domain flags which are effective for a QUIC 88domain when called on any QUIC SSL object under that domain. 89 90=head1 RETURN VALUES 91 92SSL_CTX_set_domain_flags(), SSL_CTX_get_domain_flags() and 93SSL_get_domain_flags() return 1 on success and 0 on failure. 94 95SSL_CTX_set_domain_flags() fails if called with a set of flags which are 96inconsistent or which cannot be supported given the current environment. 97 98SSL_CTX_set_domain_flags() and SSL_CTX_get_domain_flags() fail if called on a 99B<SSL_CTX> which is not using a QUIC B<SSL_METHOD>. 100 101SSL_get_domain_flags() fails if called on a non-QUIC SSL object. 102 103=head1 SEE ALSO 104 105L<SSL_new_domain(3)>, L<openssl-quic-concurrency(7)> 106 107=head1 HISTORY 108 109These functions were added in @QUIC_SERVER_VERSION@. 110 111=head1 COPYRIGHT 112 113Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. 114 115Licensed under the Apache License 2.0 (the "License"). You may not use 116this file except in compliance with the License. You can obtain a copy 117in the file LICENSE in the source distribution or at 118L<https://www.openssl.org/source/license.html>. 119 120=cut 121