xref: /freebsd/crypto/openssl/doc/man3/SSL_CONF_cmd.pod (revision 5956d97f4b3204318ceb6aa9c77bd0bc6ea87a41)
1=pod
2
3=head1 NAME
4
5SSL_CONF_cmd_value_type,
6SSL_CONF_cmd - send configuration command
7
8=head1 SYNOPSIS
9
10 #include <openssl/ssl.h>
11
12 int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
13 int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
14
15=head1 DESCRIPTION
16
17The function SSL_CONF_cmd() performs configuration operation B<cmd> with
18optional parameter B<value> on B<ctx>. Its purpose is to simplify application
19configuration of B<SSL_CTX> or B<SSL> structures by providing a common
20framework for command line options or configuration files.
21
22SSL_CONF_cmd_value_type() returns the type of value that B<cmd> refers to.
23
24=head1 SUPPORTED COMMAND LINE COMMANDS
25
26Currently supported B<cmd> names for command lines (i.e. when the
27flag B<SSL_CONF_CMDLINE> is set) are listed below. Note: all B<cmd> names
28are case sensitive. Unless otherwise stated commands can be used by
29both clients and servers and the B<value> parameter is not used. The default
30prefix for command line commands is B<-> and that is reflected below.
31
32=over 4
33
34=item B<-sigalgs>
35
36This sets the supported signature algorithms for TLSv1.2 and TLSv1.3.
37For clients this
38value is used directly for the supported signature algorithms extension. For
39servers it is used to determine which signature algorithms to support.
40
41The B<value> argument should be a colon separated list of signature algorithms
42in order of decreasing preference of the form B<algorithm+hash> or
43B<signature_scheme>. B<algorithm>
44is one of B<RSA>, B<DSA> or B<ECDSA> and B<hash> is a supported algorithm
45OID short name such as B<SHA1>, B<SHA224>, B<SHA256>, B<SHA384> of B<SHA512>.
46Note: algorithm and hash names are case sensitive.
47B<signature_scheme> is one of the signature schemes defined in TLSv1.3,
48specified using the IETF name, e.g., B<ecdsa_secp256r1_sha256>, B<ed25519>,
49or B<rsa_pss_pss_sha256>.
50
51If this option is not set then all signature algorithms supported by the
52OpenSSL library are permissible.
53
54Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by
55using B<RSA> as the B<algorithm> or by using one of the B<rsa_pkcs1_*>
56identifiers) are ignored in TLSv1.3 and will not be negotiated.
57
58=item B<-client_sigalgs>
59
60This sets the supported signature algorithms associated with client
61authentication for TLSv1.2 and TLSv1.3.
62For servers the value is used in the
63B<signature_algorithms> field of a B<CertificateRequest> message.
64For clients it is
65used to determine which signature algorithm to use with the client certificate.
66If a server does not request a certificate this option has no effect.
67
68The syntax of B<value> is identical to B<-sigalgs>. If not set then
69the value set for B<-sigalgs> will be used instead.
70
71=item B<-groups>
72
73This sets the supported groups. For clients, the groups are
74sent using the supported groups extension. For servers, it is used
75to determine which group to use. This setting affects groups used for
76signatures (in TLSv1.2 and earlier) and key exchange. The first group listed
77will also be used for the B<key_share> sent by a client in a TLSv1.3
78B<ClientHello>.
79
80The B<value> argument is a colon separated list of groups. The group can be
81either the B<NIST> name (e.g. B<P-256>), some other commonly used name where
82applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g. B<prime256v1>). Group
83names are case sensitive. The list should be in order of preference with the
84most preferred group first.
85
86=item B<-curves>
87
88This is a synonym for the "-groups" command.
89
90=item B<-named_curve>
91
92This sets the temporary curve used for ephemeral ECDH modes. Only used by
93servers
94
95The B<value> argument is a curve name or the special value B<auto> which
96picks an appropriate curve based on client and server preferences. The curve
97can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
98(e.g. B<prime256v1>). Curve names are case sensitive.
99
100=item B<-cipher>
101
102Sets the TLSv1.2 and below ciphersuite list to B<value>. This list will be
103combined with any configured TLSv1.3 ciphersuites. Note: syntax checking
104of B<value> is currently not performed unless a B<SSL> or B<SSL_CTX> structure is
105associated with B<cctx>.
106
107=item B<-ciphersuites>
108
109Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon
110(":") separated list of TLSv1.3 ciphersuite names in order of preference. This
111list will be combined any configured TLSv1.2 and below ciphersuites.
112See L<ciphers(1)> for more information.
113
114
115=item B<-cert>
116
117Attempts to use the file B<value> as the certificate for the appropriate
118context. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX>
119structure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL>
120structure is set. This option is only supported if certificate operations
121are permitted.
122
123=item B<-key>
124
125Attempts to use the file B<value> as the private key for the appropriate
126context. This option is only supported if certificate operations
127are permitted. Note: if no B<-key> option is set then a private key is
128not loaded unless the flag B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set.
129
130=item B<-dhparam>
131
132Attempts to use the file B<value> as the set of temporary DH parameters for
133the appropriate context. This option is only supported if certificate
134operations are permitted.
135
136=item B<-record_padding>
137
138Attempts to pad TLSv1.3 records so that they are a multiple of B<value> in
139length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the
140B<value> must be >1 or <=16384.
141
142=item B<-no_renegotiation>
143
144Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
145B<SSL_OP_NO_RENEGOTIATION>.
146
147=item B<-min_protocol>, B<-max_protocol>
148
149Sets the minimum and maximum supported protocol.
150Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
151B<TLSv1.2>, B<TLSv1.3> for TLS; B<DTLSv1>, B<DTLSv1.2> for DTLS, and B<None>
152for no limit.
153If either the lower or upper bound is not specified then only the other bound
154applies, if specified.
155If your application supports both TLS and DTLS you can specify any of these
156options twice, once with a bound for TLS and again with an appropriate bound
157for DTLS.
158To restrict the supported protocol versions use these commands rather than the
159deprecated alternative commands below.
160
161=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
162
163Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by
164setting the corresponding options B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
165B<SSL_OP_NO_TLSv1_1>, B<SSL_OP_NO_TLSv1_2> and B<SSL_OP_NO_TLSv1_3>
166respectively. These options are deprecated, instead use B<-min_protocol> and
167B<-max_protocol>.
168
169=item B<-bugs>
170
171Various bug workarounds are set, same as setting B<SSL_OP_ALL>.
172
173=item B<-comp>
174
175Enables support for SSL/TLS compression, same as clearing
176B<SSL_OP_NO_COMPRESSION>.
177This command was introduced in OpenSSL 1.1.0.
178As of OpenSSL 1.1.0, compression is off by default.
179
180=item B<-no_comp>
181
182Disables support for SSL/TLS compression, same as setting
183B<SSL_OP_NO_COMPRESSION>.
184As of OpenSSL 1.1.0, compression is off by default.
185
186=item B<-no_ticket>
187
188Disables support for session tickets, same as setting B<SSL_OP_NO_TICKET>.
189
190=item B<-serverpref>
191
192Use server and not client preference order when determining which cipher suite,
193signature algorithm or elliptic curve to use for an incoming connection.
194Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
195
196=item B<-prioritize_chacha>
197
198Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of
199its preference list. This usually indicates a client without AES hardware
200acceleration (e.g. mobile) is in use. Equivalent to B<SSL_OP_PRIORITIZE_CHACHA>.
201Only used by servers. Requires B<-serverpref>.
202
203=item B<-no_resumption_on_reneg>
204
205set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.
206
207=item B<-legacyrenegotiation>
208
209permits the use of unsafe legacy renegotiation. Equivalent to setting
210B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
211
212=item B<-legacy_server_connect>, B<-no_legacy_server_connect>
213
214permits or prohibits the use of unsafe legacy renegotiation for OpenSSL
215clients only. Equivalent to setting or clearing B<SSL_OP_LEGACY_SERVER_CONNECT>.
216Set by default.
217
218=item B<-allow_no_dhe_kex>
219
220In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means
221that there will be no forward secrecy for the resumed session.
222
223=item B<-strict>
224
225enables strict mode protocol handling. Equivalent to setting
226B<SSL_CERT_FLAG_TLS_STRICT>.
227
228=item B<-anti_replay>, B<-no_anti_replay>
229
230Switches replay protection, on or off respectively. With replay protection on,
231OpenSSL will automatically detect if a session ticket has been used more than
232once, TLSv1.3 has been negotiated, and early data is enabled on the server. A
233full handshake is forced if a session ticket is used a second or subsequent
234time. Anti-Replay is on by default unless overridden by a configuration file and
235is only used by servers. Anti-replay measures are required for compliance with
236the TLSv1.3 specification. Some applications may be able to mitigate the replay
237risks in other ways and in such cases the built-in OpenSSL functionality is not
238required. Switching off anti-replay is equivalent to B<SSL_OP_NO_ANTI_REPLAY>.
239
240=back
241
242=head1 SUPPORTED CONFIGURATION FILE COMMANDS
243
244Currently supported B<cmd> names for configuration files (i.e. when the
245flag B<SSL_CONF_FLAG_FILE> is set) are listed below. All configuration file
246B<cmd> names are case insensitive so B<signaturealgorithms> is recognised
247as well as B<SignatureAlgorithms>. Unless otherwise stated the B<value> names
248are also case insensitive.
249
250Note: the command prefix (if set) alters the recognised B<cmd> values.
251
252=over 4
253
254=item B<CipherString>
255
256Sets the ciphersuite list for TLSv1.2 and below to B<value>. This list will be
257combined with any configured TLSv1.3 ciphersuites. Note: syntax
258checking of B<value> is currently not performed unless an B<SSL> or B<SSL_CTX>
259structure is associated with B<cctx>.
260
261=item B<Ciphersuites>
262
263Sets the available ciphersuites for TLSv1.3 to B<value>. This is a simple colon
264(":") separated list of TLSv1.3 ciphersuite names in order of preference. This
265list will be combined any configured TLSv1.2 and below ciphersuites.
266See L<ciphers(1)> for more information.
267
268=item B<Certificate>
269
270Attempts to use the file B<value> as the certificate for the appropriate
271context. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX>
272structure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL>
273structure is set. This option is only supported if certificate operations
274are permitted.
275
276=item B<PrivateKey>
277
278Attempts to use the file B<value> as the private key for the appropriate
279context. This option is only supported if certificate operations
280are permitted. Note: if no B<PrivateKey> option is set then a private key is
281not loaded unless the B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set.
282
283=item B<ChainCAFile>, B<ChainCAPath>, B<VerifyCAFile>, B<VerifyCAPath>
284
285These options indicate a file or directory used for building certificate
286chains or verifying certificate chains. These options are only supported
287if certificate operations are permitted.
288
289=item B<RequestCAFile>
290
291This option indicates a file containing a set of certificates in PEM form.
292The subject names of the certificates are sent to the peer in the
293B<certificate_authorities> extension for TLS 1.3 (in ClientHello or
294CertificateRequest) or in a certificate request for previous versions or
295TLS.
296
297=item B<ServerInfoFile>
298
299Attempts to use the file B<value> in the "serverinfo" extension using the
300function SSL_CTX_use_serverinfo_file.
301
302=item B<DHParameters>
303
304Attempts to use the file B<value> as the set of temporary DH parameters for
305the appropriate context. This option is only supported if certificate
306operations are permitted.
307
308=item B<RecordPadding>
309
310Attempts to pad TLSv1.3 records so that they are a multiple of B<value> in
311length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the
312B<value> must be >1 or <=16384.
313
314=item B<SignatureAlgorithms>
315
316This sets the supported signature algorithms for TLSv1.2 and TLSv1.3.
317For clients this
318value is used directly for the supported signature algorithms extension. For
319servers it is used to determine which signature algorithms to support.
320
321The B<value> argument should be a colon separated list of signature algorithms
322in order of decreasing preference of the form B<algorithm+hash> or
323B<signature_scheme>. B<algorithm>
324is one of B<RSA>, B<DSA> or B<ECDSA> and B<hash> is a supported algorithm
325OID short name such as B<SHA1>, B<SHA224>, B<SHA256>, B<SHA384> of B<SHA512>.
326Note: algorithm and hash names are case sensitive.
327B<signature_scheme> is one of the signature schemes defined in TLSv1.3,
328specified using the IETF name, e.g., B<ecdsa_secp256r1_sha256>, B<ed25519>,
329or B<rsa_pss_pss_sha256>.
330
331If this option is not set then all signature algorithms supported by the
332OpenSSL library are permissible.
333
334Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by
335using B<RSA> as the B<algorithm> or by using one of the B<rsa_pkcs1_*>
336identifiers) are ignored in TLSv1.3 and will not be negotiated.
337
338=item B<ClientSignatureAlgorithms>
339
340This sets the supported signature algorithms associated with client
341authentication for TLSv1.2 and TLSv1.3.
342For servers the value is used in the
343B<signature_algorithms> field of a B<CertificateRequest> message.
344For clients it is
345used to determine which signature algorithm to use with the client certificate.
346If a server does not request a certificate this option has no effect.
347
348The syntax of B<value> is identical to B<SignatureAlgorithms>. If not set then
349the value set for B<SignatureAlgorithms> will be used instead.
350
351=item B<Groups>
352
353This sets the supported groups. For clients, the groups are
354sent using the supported groups extension. For servers, it is used
355to determine which group to use. This setting affects groups used for
356signatures (in TLSv1.2 and earlier) and key exchange. The first group listed
357will also be used for the B<key_share> sent by a client in a TLSv1.3
358B<ClientHello>.
359
360The B<value> argument is a colon separated list of groups. The group can be
361either the B<NIST> name (e.g. B<P-256>), some other commonly used name where
362applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g. B<prime256v1>). Group
363names are case sensitive. The list should be in order of preference with the
364most preferred group first.
365
366=item B<Curves>
367
368This is a synonym for the "Groups" command.
369
370=item B<MinProtocol>
371
372This sets the minimum supported SSL, TLS or DTLS version.
373
374Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
375B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1> and B<DTLSv1.2>.
376The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds
377apply only to DTLS-based contexts.
378The command can be repeated with one instance setting a TLS bound, and the
379other setting a DTLS bound.
380The value B<None> applies to both types of contexts and disables the limits.
381
382=item B<MaxProtocol>
383
384This sets the maximum supported SSL, TLS or DTLS version.
385
386Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
387B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1> and B<DTLSv1.2>.
388The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds
389apply only to DTLS-based contexts.
390The command can be repeated with one instance setting a TLS bound, and the
391other setting a DTLS bound.
392The value B<None> applies to both types of contexts and disables the limits.
393
394=item B<Protocol>
395
396This can be used to enable or disable certain versions of the SSL,
397TLS or DTLS protocol.
398
399The B<value> argument is a comma separated list of supported protocols
400to enable or disable.
401If a protocol is preceded by B<-> that version is disabled.
402
403All protocol versions are enabled by default.
404You need to disable at least one protocol version for this setting have any
405effect.
406Only enabling some protocol versions does not disable the other protocol
407versions.
408
409Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
410B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1> and B<DTLSv1.2>.
411The special value B<ALL> refers to all supported versions.
412
413This can't enable protocols that are disabled using B<MinProtocol>
414or B<MaxProtocol>, but can disable protocols that are still allowed
415by them.
416
417The B<Protocol> command is fragile and deprecated; do not use it.
418Use B<MinProtocol> and B<MaxProtocol> instead.
419If you do use B<Protocol>, make sure that the resulting range of enabled
420protocols has no "holes", e.g. if TLS 1.0 and TLS 1.2 are both enabled, make
421sure to also leave TLS 1.1 enabled.
422
423=item B<Options>
424
425The B<value> argument is a comma separated list of various flags to set.
426If a flag string is preceded B<-> it is disabled.
427See the L<SSL_CTX_set_options(3)> function for more details of
428individual options.
429
430Each option is listed below. Where an operation is enabled by default
431the B<-flag> syntax is needed to disable it.
432
433B<SessionTicket>: session ticket support, enabled by default. Inverse of
434B<SSL_OP_NO_TICKET>: that is B<-SessionTicket> is the same as setting
435B<SSL_OP_NO_TICKET>.
436
437B<Compression>: SSL/TLS compression support, disabled by default. Inverse
438of B<SSL_OP_NO_COMPRESSION>.
439
440B<EmptyFragments>: use empty fragments as a countermeasure against a
441SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It
442is set by default. Inverse of B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS>.
443
444B<Bugs>: enable various bug workarounds. Same as B<SSL_OP_ALL>.
445
446B<DHSingle>: enable single use DH keys, set by default. Inverse of
447B<SSL_OP_DH_SINGLE>. Only used by servers.
448
449B<ECDHSingle>: enable single use ECDH keys, set by default. Inverse of
450B<SSL_OP_ECDH_SINGLE>. Only used by servers.
451
452B<ServerPreference>: use server and not client preference order when
453determining which cipher suite, signature algorithm or elliptic curve
454to use for an incoming connection.  Equivalent to
455B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
456
457B<PrioritizeChaCha>: prioritizes ChaCha ciphers when the client has a
458ChaCha20 cipher at the top of its preference list. This usually indicates
459a mobile client is in use. Equivalent to B<SSL_OP_PRIORITIZE_CHACHA>.
460Only used by servers.
461
462B<NoResumptionOnRenegotiation>: set
463B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers.
464
465B<NoRenegotiation>: disables all attempts at renegotiation in TLSv1.2 and
466earlier, same as setting B<SSL_OP_NO_RENEGOTIATION>.
467
468B<UnsafeLegacyRenegotiation>: permits the use of unsafe legacy renegotiation.
469Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
470
471B<UnsafeLegacyServerConnect>: permits the use of unsafe legacy renegotiation
472for OpenSSL clients only. Equivalent to B<SSL_OP_LEGACY_SERVER_CONNECT>.
473Set by default.
474
475B<EncryptThenMac>: use encrypt-then-mac extension, enabled by
476default. Inverse of B<SSL_OP_NO_ENCRYPT_THEN_MAC>: that is,
477B<-EncryptThenMac> is the same as setting B<SSL_OP_NO_ENCRYPT_THEN_MAC>.
478
479B<AllowNoDHEKEX>: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on
480resumption. This means that there will be no forward secrecy for the resumed
481session. Equivalent to B<SSL_OP_ALLOW_NO_DHE_KEX>.
482
483B<MiddleboxCompat>: If set then dummy Change Cipher Spec (CCS) messages are sent
484in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that
485middleboxes that do not understand TLSv1.3 will not drop the connection. This
486option is set by default. A future version of OpenSSL may not set this by
487default. Equivalent to B<SSL_OP_ENABLE_MIDDLEBOX_COMPAT>.
488
489B<AntiReplay>: If set then OpenSSL will automatically detect if a session ticket
490has been used more than once, TLSv1.3 has been negotiated, and early data is
491enabled on the server. A full handshake is forced if a session ticket is used a
492second or subsequent time. This option is set by default and is only used by
493servers. Anti-replay measures are required to comply with the TLSv1.3
494specification. Some applications may be able to mitigate the replay risks in
495other ways and in such cases the built-in OpenSSL functionality is not required.
496Disabling anti-replay is equivalent to setting B<SSL_OP_NO_ANTI_REPLAY>.
497
498B<KTLS>: Enables kernel TLS if support has been compiled in, and it is supported
499by the negotiated ciphersuites and extensions. Equivalent to
500B<SSL_OP_ENABLE_KTLS>.
501
502=item B<VerifyMode>
503
504The B<value> argument is a comma separated list of flags to set.
505
506B<Peer> enables peer verification: for clients only.
507
508B<Request> requests but does not require a certificate from the client.
509Servers only.
510
511B<Require> requests and requires a certificate from the client: an error
512occurs if the client does not present a certificate. Servers only.
513
514B<Once> requests a certificate from a client only on the initial connection:
515not when renegotiating. Servers only.
516
517B<RequestPostHandshake> configures the connection to support requests but does
518not require a certificate from the client post-handshake. A certificate will
519not be requested during the initial handshake. The server application must
520provide a mechanism to request a certificate post-handshake. Servers only.
521TLSv1.3 only.
522
523B<RequiresPostHandshake> configures the connection to support requests and
524requires a certificate from the client post-handshake: an error occurs if the
525client does not present a certificate. A certificate will not be requested
526during the initial handshake. The server application must provide a mechanism
527to request a certificate post-handshake. Servers only. TLSv1.3 only.
528
529=item B<ClientCAFile>, B<ClientCAPath>
530
531A file or directory of certificates in PEM format whose names are used as the
532set of acceptable names for client CAs. Servers only. This option is only
533supported if certificate operations are permitted.
534
535=back
536
537=head1 SUPPORTED COMMAND TYPES
538
539The function SSL_CONF_cmd_value_type() currently returns one of the following
540types:
541
542=over 4
543
544=item B<SSL_CONF_TYPE_UNKNOWN>
545
546The B<cmd> string is unrecognised, this return value can be use to flag
547syntax errors.
548
549=item B<SSL_CONF_TYPE_STRING>
550
551The value is a string without any specific structure.
552
553=item B<SSL_CONF_TYPE_FILE>
554
555The value is a filename.
556
557=item B<SSL_CONF_TYPE_DIR>
558
559The value is a directory name.
560
561=item B<SSL_CONF_TYPE_NONE>
562
563The value string is not used e.g. a command line option which doesn't take an
564argument.
565
566=back
567
568=head1 NOTES
569
570The order of operations is significant. This can be used to set either defaults
571or values which cannot be overridden. For example if an application calls:
572
573 SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
574 SSL_CONF_cmd(ctx, userparam, uservalue);
575
576it will disable SSLv3 support by default but the user can override it. If
577however the call sequence is:
578
579 SSL_CONF_cmd(ctx, userparam, uservalue);
580 SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
581
582SSLv3 is B<always> disabled and attempt to override this by the user are
583ignored.
584
585By checking the return code of SSL_CONF_cmd() it is possible to query if a
586given B<cmd> is recognised, this is useful if SSL_CONF_cmd() values are
587mixed with additional application specific operations.
588
589For example an application might call SSL_CONF_cmd() and if it returns
590-2 (unrecognised command) continue with processing of application specific
591commands.
592
593Applications can also use SSL_CONF_cmd() to process command lines though the
594utility function SSL_CONF_cmd_argv() is normally used instead. One way
595to do this is to set the prefix to an appropriate value using
596SSL_CONF_CTX_set1_prefix(), pass the current argument to B<cmd> and the
597following argument to B<value> (which may be NULL).
598
599In this case if the return value is positive then it is used to skip that
600number of arguments as they have been processed by SSL_CONF_cmd(). If -2 is
601returned then B<cmd> is not recognised and application specific arguments
602can be checked instead. If -3 is returned a required argument is missing
603and an error is indicated. If 0 is returned some other error occurred and
604this can be reported back to the user.
605
606The function SSL_CONF_cmd_value_type() can be used by applications to
607check for the existence of a command or to perform additional syntax
608checking or translation of the command value. For example if the return
609value is B<SSL_CONF_TYPE_FILE> an application could translate a relative
610pathname to an absolute pathname.
611
612=head1 RETURN VALUES
613
614SSL_CONF_cmd() returns 1 if the value of B<cmd> is recognised and B<value> is
615B<NOT> used and 2 if both B<cmd> and B<value> are used. In other words it
616returns the number of arguments processed. This is useful when processing
617command lines.
618
619A return value of -2 means B<cmd> is not recognised.
620
621A return value of -3 means B<cmd> is recognised and the command requires a
622value but B<value> is NULL.
623
624A return code of 0 indicates that both B<cmd> and B<value> are valid but an
625error occurred attempting to perform the operation: for example due to an
626error in the syntax of B<value> in this case the error queue may provide
627additional information.
628
629=head1 EXAMPLES
630
631Set supported signature algorithms:
632
633 SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
634
635There are various ways to select the supported protocols.
636
637This set the minimum protocol version to TLSv1, and so disables SSLv3.
638This is the recommended way to disable protocols.
639
640 SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1");
641
642The following also disables SSLv3:
643
644 SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
645
646The following will first enable all protocols, and then disable
647SSLv3.
648If no protocol versions were disabled before this has the same effect as
649"-SSLv3", but if some versions were disables this will re-enable them before
650disabling SSLv3.
651
652 SSL_CONF_cmd(ctx, "Protocol", "ALL,-SSLv3");
653
654Only enable TLSv1.2:
655
656 SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2");
657 SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2");
658
659This also only enables TLSv1.2:
660
661 SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2");
662
663Disable TLS session tickets:
664
665 SSL_CONF_cmd(ctx, "Options", "-SessionTicket");
666
667Enable compression:
668
669 SSL_CONF_cmd(ctx, "Options", "Compression");
670
671Set supported curves to P-256, P-384:
672
673 SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");
674
675=head1 SEE ALSO
676
677L<SSL_CONF_CTX_new(3)>,
678L<SSL_CONF_CTX_set_flags(3)>,
679L<SSL_CONF_CTX_set1_prefix(3)>,
680L<SSL_CONF_CTX_set_ssl_ctx(3)>,
681L<SSL_CONF_cmd_argv(3)>,
682L<SSL_CTX_set_options(3)>
683
684=head1 HISTORY
685
686The SSL_CONF_cmd() function was added in OpenSSL 1.0.2.
687
688The B<SSL_OP_NO_SSL2> option doesn't have effect since 1.1.0, but the macro
689is retained for backwards compatibility.
690
691The B<SSL_CONF_TYPE_NONE> was added in OpenSSL 1.1.0. In earlier versions of
692OpenSSL passing a command which didn't take an argument would return
693B<SSL_CONF_TYPE_UNKNOWN>.
694
695B<MinProtocol> and B<MaxProtocol> where added in OpenSSL 1.1.0.
696
697B<AllowNoDHEKEX> and B<PrioritizeChaCha> were added in OpenSSL 1.1.1.
698
699=head1 COPYRIGHT
700
701Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved.
702
703Licensed under the OpenSSL license (the "License").  You may not use
704this file except in compliance with the License.  You can obtain a copy
705in the file LICENSE in the source distribution or at
706L<https://www.openssl.org/source/license.html>.
707
708=cut
709