SSL_CTX_SET_MODE(3) BSD Library Functions Manual SSL_CTX_SET_MODE(3)NAME
SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode — manipu‐
late SSL engine mode
SYNOPSIS
#include <openssl/ssl.h>
long
SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
long
SSL_set_mode(SSL *ssl, long mode);
long
SSL_CTX_get_mode(SSL_CTX *ctx);
long
SSL_get_mode(SSL *ssl);
DESCRIPTIONSSL_CTX_set_mode() adds the mode set via bitmask in mode to ctx. Options
already set before are not cleared.
SSL_set_mode() adds the mode set via bitmask in mode to ssl. Options
already set before are not cleared.
SSL_CTX_get_mode() returns the mode set for ctx.
SSL_get_mode() returns the mode set for ssl.
NOTES
The following mode changes are available:
SSL_MODE_ENABLE_PARTIAL_WRITE
Allow SSL_write(..., n) to return r with 0 < r < n (i.e., report
success when just a single record has been written). When not
set (the default), SSL_write(3) will only report success once the
complete chunk was written. Once SSL_write(3) returns with r, r
bytes have been successfully written and the next call to
SSL_write(3) must only send the n − r bytes left, imitating the
behaviour of write(2).
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
Make it possible to retry SSL_write(3) with changed buffer loca‐
tion (the buffer contents must stay the same). This is not the
default to avoid the misconception that non-blocking SSL_write(3)
behaves like non-blocking write(2).
SSL_MODE_AUTO_RETRY
Never bother the application with retries if the transport is
blocking. If a renegotiation take place during normal operation,
a SSL_read(3) or SSL_write(3) would return with −1 and indicate
the need to retry with SSL_ERROR_WANT_READ. In a non-blocking
environment applications must be prepared to handle incomplete
read/write operations. In a blocking environment, applications
are not always prepared to deal with read/write operations
returning without success report. The flag SSL_MODE_AUTO_RETRY
will cause read/write operations to only return after the hand‐
shake and successful completion.
SSL_MODE_RELEASE_BUFFERS
When we no longer need a read buffer or a write buffer for a
given SSL, then release the memory we were using to hold it.
Released memory is either appended to a list of unused RAM chunks
on the SSL_CTX, or simply freed if the list of unused chunks
would become longer than SSL_CTX->freelist_max_len, which
defaults to 32. Using this flag can save around 34k per idle SSL
connection. This flag has no effect on SSL v2 connections, or on
DTLS connections.
RETURN VALUESSSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask after
adding mode.
SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.
SEE ALSOssl(3), SSL_read(3), SSL_write(3)HISTORY
SSL_MODE_AUTO_RETRY was added in OpenSSL 0.9.6.
BSD June 5, 2024 BSD