xref: /freebsd/crypto/openssl/doc/man3/SSL_CTX_set_timeout.pod (revision 911f0260390e18cf85f3dbf2c719b593efdc1e3c)
1=pod
2
3=head1 NAME
4
5SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
12 long SSL_CTX_get_timeout(SSL_CTX *ctx);
13
14=head1 DESCRIPTION
15
16SSL_CTX_set_timeout() sets the timeout for newly created sessions for
17B<ctx> to B<t>. The timeout value B<t> must be given in seconds.
18
19SSL_CTX_get_timeout() returns the currently set timeout value for B<ctx>.
20
21=head1 NOTES
22
23Whenever a new session is created, it is assigned a maximum lifetime. This
24lifetime is specified by storing the creation time of the session and the
25timeout value valid at this time. If the actual time is later than creation
26time plus timeout, the session is not reused.
27
28Due to this realization, all sessions behave according to the timeout value
29valid at the time of the session negotiation. Changes of the timeout value
30do not affect already established sessions.
31
32The expiration time of a single session can be modified using the
33L<SSL_SESSION_get_time(3)> family of functions.
34
35Expired sessions are removed from the internal session cache, whenever
36L<SSL_CTX_flush_sessions(3)> is called, either
37directly by the application or automatically (see
38L<SSL_CTX_set_session_cache_mode(3)>)
39
40The default value for session timeout is decided on a per protocol
41basis, see L<SSL_get_default_timeout(3)>.
42All currently supported protocols have the same default timeout value
43of 300 seconds.
44
45This timeout value is used as the ticket lifetime hint for stateless session
46tickets. It is also used as the timeout value within the ticket itself.
47
48For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
49seconds).
50
51For TLSv1.2, tickets generated during an initial handshake use the value
52as specified. Tickets generated during a resumed handshake have a value
53of 0 for the ticket lifetime hint.
54
55=head1 RETURN VALUES
56
57SSL_CTX_set_timeout() returns the previously set timeout value.
58
59SSL_CTX_get_timeout() returns the currently set timeout value.
60
61=head1 SEE ALSO
62
63L<ssl(7)>,
64L<SSL_CTX_set_session_cache_mode(3)>,
65L<SSL_SESSION_get_time(3)>,
66L<SSL_CTX_flush_sessions(3)>,
67L<SSL_get_default_timeout(3)>
68
69=head1 COPYRIGHT
70
71Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
72
73Licensed under the Apache License 2.0 (the "License").  You may not use
74this file except in compliance with the License.  You can obtain a copy
75in the file LICENSE in the source distribution or at
76L<https://www.openssl.org/source/license.html>.
77
78=cut
79