xref: /freebsd/secure/lib/libcrypto/man/man3/SSL_CTX_set_domain_flags.3 (revision d4033e6d37747f5213bb245c8e605406703a8766) 
 -*- mode: troff; coding: utf-8 -*-
 Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45)

 Standard preamble:
 ========================================================================
..

..


..
 \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
. ds C` ""
. ds C' ""
'br\}
. ds C`
. ds C'
'br\}

 Escape single quotes in literal strings from groff's Unicode transform.

 If the F register is >0, we'll generate index entries on stderr for
 titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 entries marked with X<> in POD. Of course, you'll have to process the
 output yourself in some meaningful fashion.

 Avoid warning from groff about undefined register 'F'.
..
.nr rF 0
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
 ========================================================================

 Title "SSL_CTX_SET_DOMAIN_FLAGS 3ossl" 
 SSL_CTX_SET_DOMAIN_FLAGS 3ossl 2025-09-30 3.5.4 OpenSSL
 For nroff, turn off justification. Always turn off hyphenation; it makes
 way too many mistakes in technical documents.
 NAME
SSL_CTX_set_domain_flags, SSL_CTX_get_domain_flags, SSL_get_domain_flags,
SSL_DOMAIN_FLAG_SINGLE_THREAD,
SSL_DOMAIN_FLAG_MULTI_THREAD,
SSL_DOMAIN_FLAG_THREAD_ASSISTED,
SSL_DOMAIN_FLAG_BLOCKING,
SSL_DOMAIN_FLAG_LEGACY_BLOCKING
\- control the concurrency model used by a QUIC domain

 SYNOPSIS
 Header "SYNOPSIS" .Vb 1
 #include <openssl/ssl.h>
\&
 #define SSL_DOMAIN_FLAG_SINGLE_THREAD
 #define SSL_DOMAIN_FLAG_MULTI_THREAD
 #define SSL_DOMAIN_FLAG_LEGACY_BLOCKING
 #define SSL_DOMAIN_FLAG_BLOCKING
 #define SSL_DOMAIN_FLAG_THREAD_ASSISTED
\&
 int SSL_CTX_set_domain_flags(SSL_CTX *ctx, uint64_t flags);
 int SSL_CTX_get_domain_flags(SSL_CTX *ctx, uint64_t *flags);
\&
 int SSL_get_domain_flags(SSL *ssl, uint64_t *flags);
.Ve

 DESCRIPTION
 Header "DESCRIPTION" \fBSSL_CTX_set_domain_flags() and SSL_CTX_get_domain_flags() set and get the QUIC
domain flags on a SSL_CTX using a QUIC SSL_METHOD. These flags determine
the concurrency model which is used for a QUIC domain. A detailed introduction
to these concepts can be found in openssl-quic-concurrency\|(7).


Applications may use either one the flags here:

 SSL_DOMAIN_FLAG_SINGLE_THREAD 4
 Item "SSL_DOMAIN_FLAG_SINGLE_THREAD" Specifying this flag configures the Single-Threaded Concurrency Model (SCM).

 SSL_DOMAIN_FLAG_MULTI_THREAD 4
 Item "SSL_DOMAIN_FLAG_MULTI_THREAD" Speciyfing this flag configures the Contentive Concurrency Model (CCM) (unless
\fBSSL_DOMAIN_FLAG_THREAD_ASSISTED is also specified).
.Sp
If OpenSSL was built without thread support, this is identical to
\fBSSL_DOMAIN_FLAG_SINGLE_THREAD.

 SSL_DOMAIN_FLAG_THREAD_ASSISTED 4
 Item "SSL_DOMAIN_FLAG_THREAD_ASSISTED" Specifying this flag configures the Thread-Assisted Concurrency Model (TACM).
It implies SSL_DOMAIN_FLAG_MULTI_THREAD and SSL_DOMAIN_FLAG_BLOCKING.
.Sp
This concurrency model is not available if OpenSSL was built without thread
support, in which case attempting to configure it will result in an error.

 SSL_DOMAIN_FLAG_BLOCKING 4
 Item "SSL_DOMAIN_FLAG_BLOCKING" Enable reliable support for blocking I/O calls, allocating whatever OS resources
are necessary to realise this. If this flag is specified,
\fBSSL_DOMAIN_FLAG_LEGACY_BLOCKING is ignored.

 SSL_DOMAIN_FLAG_LEGACY_BLOCKING 4
 Item "SSL_DOMAIN_FLAG_LEGACY_BLOCKING" Enables legacy blocking compatibility mode. See
"Legacy Blocking Support Compatibility" in openssl-quic-concurrency\|(7).


Mutually exclusive flag combinations result in an error (for example, combining
\fBSSL_DOMAIN_FLAG_SINGLE_THREAD and SSL_DOMAIN_FLAG_MULTI_THREADED).


Because exactly one concurrency model must be chosen, the domain flags cannot be
set to 0 and attempting to do so will result in an error.


Changing these flags using SSL_CTX_set_domain_flags() has no effect on QUIC
domains which have already been created.


The default set of domain flags set on a newly created SSL_CTX may vary by
OpenSSL version, chosen SSL_METHOD, and operating environment. See
\fBopenssl-quic-concurrency\|(7) for details. An application can retrieve the
default domain flags by calling SSL_CTX_get_domain_flags() immediately after
constructing a SSL_CTX.


\fBSSL_get_domain_flags() retrieves the domain flags which are effective for a QUIC
domain when called on any QUIC SSL object under that domain.

 "RETURN VALUES"
 Header "RETURN VALUES" \fBSSL_CTX_set_domain_flags(), SSL_CTX_get_domain_flags() and
\fBSSL_get_domain_flags() return 1 on success and 0 on failure.


\fBSSL_CTX_set_domain_flags() fails if called with a set of flags which are
inconsistent or which cannot be supported given the current environment.


\fBSSL_CTX_set_domain_flags() and SSL_CTX_get_domain_flags() fail if called on a
\fBSSL_CTX which is not using a QUIC SSL_METHOD.


\fBSSL_get_domain_flags() fails if called on a non-QUIC SSL object.

 "SEE ALSO"
 Header "SEE ALSO" \fBSSL_new_domain\|(3), openssl-quic-concurrency\|(7)

 HISTORY
 Header "HISTORY" These functions were added in OpenSSL 3.5.

 COPYRIGHT
 Header "COPYRIGHT" Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.


Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.