SSL_CTX_set_min_proto_version.3ssl man page

SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version, SSL_get_min_proto_version, SSL_get_max_proto_version — Get and set minimum and maximum supported protocol version


 #include <openssl/ssl.h>

 int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
 int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
 int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
 int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);

 int SSL_set_min_proto_version(SSL *ssl, int version);
 int SSL_set_max_proto_version(SSL *ssl, int version);
 int SSL_get_min_proto_version(SSL *ssl);
 int SSL_get_max_proto_version(SSL *ssl);


The functions get or set the minimum and maximum supported protocol versions for the ctx or ssl. This works in combination with the options set via SSL_CTX_set_options(3) that also make it possible to disable specific protocol versions. Use these functions instead of disabling specific protocol versions.

Setting the minimum or maximum version to 0, will enable protocol versions down to the lowest version, or up to the highest version supported by the library, respectively.

Getters return 0 in case ctx or ssl have been configured to automatically use the lowest or highest version supported by the library.

Currently supported versions are SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION for TLS and DTLS1_VERSION, DTLS1_2_VERSION for DTLS.

Return Values

These setter functions return 1 on success and 0 on failure. The getter functions return the configured version or 0 for auto-configuration of lowest or highest protocol, respectively.


All these functions are implemented using macros.


The setter functions were added in OpenSSL 1.1.0. The getter functions were added in OpenSSL 1.1.1.

See Also

SSL_CTX_set_options(3), SSL_CONF_cmd(3)


2017-11-02 1.1.0g OpenSSL