SSL_CTX_set_min_proto_version.3ssl man page

SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version — Set minimum and maximum supported protocol version


#include <openssl/ssl.h>
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
int SSL_set_min_proto_version(SSL *ssl, int version);
int SSL_set_max_proto_version(SSL *ssl, int version);


The functions set the minimum and maximum supported protocol versions for the ctx or ssl. This works in combination with the options set via SSL_CTX_set_options(3) that also make it possible to disable specific protocol versions. Use these functions instead of disabling specific protocol versions.

Setting the minimum or maximum version to 0, will enable protocol versions down to the lowest version, or up to the highest version supported by the library, respectively.

Currently supported versions are SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION for TLS and DTLS1_VERSION, DTLS1_2_VERSION for DTLS.

Return Values

These functions return 1 on success and 0 on failure.


All these functions are implemented using macros.


The functions were added in OpenSSL 1.1.0

See Also

SSL_CTX_set_options(3), SSL_CONF_cmd(3)