1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk KimSSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching 6e71b7053SJung-uk Kim 7e71b7053SJung-uk Kim=head1 SYNOPSIS 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim #include <openssl/ssl.h> 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); 12e71b7053SJung-uk Kim long SSL_CTX_get_timeout(SSL_CTX *ctx); 13e71b7053SJung-uk Kim 14e71b7053SJung-uk Kim=head1 DESCRIPTION 15e71b7053SJung-uk Kim 16e71b7053SJung-uk KimSSL_CTX_set_timeout() sets the timeout for newly created sessions for 17e71b7053SJung-uk KimB<ctx> to B<t>. The timeout value B<t> must be given in seconds. 18e71b7053SJung-uk Kim 19e71b7053SJung-uk KimSSL_CTX_get_timeout() returns the currently set timeout value for B<ctx>. 20e71b7053SJung-uk Kim 21e71b7053SJung-uk Kim=head1 NOTES 22e71b7053SJung-uk Kim 23e71b7053SJung-uk KimWhenever a new session is created, it is assigned a maximum lifetime. This 24e71b7053SJung-uk Kimlifetime is specified by storing the creation time of the session and the 25e71b7053SJung-uk Kimtimeout value valid at this time. If the actual time is later than creation 26e71b7053SJung-uk Kimtime plus timeout, the session is not reused. 27e71b7053SJung-uk Kim 28e71b7053SJung-uk KimDue to this realization, all sessions behave according to the timeout value 29e71b7053SJung-uk Kimvalid at the time of the session negotiation. Changes of the timeout value 30e71b7053SJung-uk Kimdo not affect already established sessions. 31e71b7053SJung-uk Kim 32e71b7053SJung-uk KimThe expiration time of a single session can be modified using the 33e71b7053SJung-uk KimL<SSL_SESSION_get_time(3)> family of functions. 34e71b7053SJung-uk Kim 35e71b7053SJung-uk KimExpired sessions are removed from the internal session cache, whenever 36e71b7053SJung-uk KimL<SSL_CTX_flush_sessions(3)> is called, either 37e71b7053SJung-uk Kimdirectly by the application or automatically (see 38e71b7053SJung-uk KimL<SSL_CTX_set_session_cache_mode(3)>) 39e71b7053SJung-uk Kim 40e71b7053SJung-uk KimThe default value for session timeout is decided on a per protocol 41e71b7053SJung-uk Kimbasis, see L<SSL_get_default_timeout(3)>. 42e71b7053SJung-uk KimAll currently supported protocols have the same default timeout value 43e71b7053SJung-uk Kimof 300 seconds. 44e71b7053SJung-uk Kim 4534252e89SJung-uk KimThis timeout value is used as the ticket lifetime hint for stateless session 4634252e89SJung-uk Kimtickets. It is also used as the timeout value within the ticket itself. 4734252e89SJung-uk Kim 4834252e89SJung-uk KimFor TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800 4934252e89SJung-uk Kimseconds). 5034252e89SJung-uk Kim 5134252e89SJung-uk KimFor TLSv1.2, tickets generated during an initial handshake use the value 5234252e89SJung-uk Kimas specified. Tickets generated during a resumed handshake have a value 5334252e89SJung-uk Kimof 0 for the ticket lifetime hint. 5434252e89SJung-uk Kim 55e71b7053SJung-uk Kim=head1 RETURN VALUES 56e71b7053SJung-uk Kim 57e71b7053SJung-uk KimSSL_CTX_set_timeout() returns the previously set timeout value. 58e71b7053SJung-uk Kim 59e71b7053SJung-uk KimSSL_CTX_get_timeout() returns the currently set timeout value. 60e71b7053SJung-uk Kim 61e71b7053SJung-uk Kim=head1 SEE ALSO 62e71b7053SJung-uk Kim 63e71b7053SJung-uk KimL<ssl(7)>, 64e71b7053SJung-uk KimL<SSL_CTX_set_session_cache_mode(3)>, 65e71b7053SJung-uk KimL<SSL_SESSION_get_time(3)>, 66e71b7053SJung-uk KimL<SSL_CTX_flush_sessions(3)>, 67e71b7053SJung-uk KimL<SSL_get_default_timeout(3)> 68e71b7053SJung-uk Kim 69e71b7053SJung-uk Kim=head1 COPYRIGHT 70e71b7053SJung-uk Kim 7134252e89SJung-uk KimCopyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. 72e71b7053SJung-uk Kim 73*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 74e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 75e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 76e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 77e71b7053SJung-uk Kim 78e71b7053SJung-uk Kim=cut 79