xref: /freebsd/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 (revision 2f9966ff63d65bd474478888c9088eeae3f9c669)
Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)

Standard preamble:
========================================================================
..
..
.. Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. \*(C+ will
give a nicer C++. Capital omega is used to do unbreakable dashes and
therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
nothing in troff, for use with C<>.
.tr \(*W- . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.

If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.

Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================

Title "SSL_CTX_SET_TIMEOUT 3ossl"
SSL_CTX_SET_TIMEOUT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
"NAME"
SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching
"SYNOPSIS"
Header "SYNOPSIS" .Vb 1 #include <openssl/ssl.h> \& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); long SSL_CTX_get_timeout(SSL_CTX *ctx); .Ve
"DESCRIPTION"
Header "DESCRIPTION" \fBSSL_CTX_set_timeout() sets the timeout for newly created sessions for \fBctx to t. The timeout value t must be given in seconds.

\fBSSL_CTX_get_timeout() returns the currently set timeout value for ctx.

"NOTES"
Header "NOTES" Whenever a new session is created, it is assigned a maximum lifetime. This lifetime is specified by storing the creation time of the session and the timeout value valid at this time. If the actual time is later than creation time plus timeout, the session is not reused.

Due to this realization, all sessions behave according to the timeout value valid at the time of the session negotiation. Changes of the timeout value do not affect already established sessions.

The expiration time of a single session can be modified using the \fBSSL_SESSION_get_time\|(3) family of functions.

Expired sessions are removed from the internal session cache, whenever \fBSSL_CTX_flush_sessions\|(3) is called, either directly by the application or automatically (see \fBSSL_CTX_set_session_cache_mode\|(3))

The default value for session timeout is decided on a per protocol basis, see SSL_get_default_timeout\|(3). All currently supported protocols have the same default timeout value of 300 seconds.

This timeout value is used as the ticket lifetime hint for stateless session tickets. It is also used as the timeout value within the ticket itself.

For TLSv1.3, \s-1RFC8446\s0 limits transmission of this value to 1 week (604800 seconds).

For TLSv1.2, tickets generated during an initial handshake use the value as specified. Tickets generated during a resumed handshake have a value of 0 for the ticket lifetime hint.

"RETURN VALUES"
Header "RETURN VALUES" \fBSSL_CTX_set_timeout() returns the previously set timeout value.

\fBSSL_CTX_get_timeout() returns the currently set timeout value.

"SEE ALSO"
Header "SEE ALSO" \fBssl\|(7), \fBSSL_CTX_set_session_cache_mode\|(3), \fBSSL_SESSION_get_time\|(3), \fBSSL_CTX_flush_sessions\|(3), \fBSSL_get_default_timeout\|(3)
"COPYRIGHT"
Header "COPYRIGHT" Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>.