1 files changed, 0 insertions, 345 deletions
diff --git a/src/lib/libssl/man/SSL_CTX_new.3 b/src/lib/libssl/man/SSL_CTX_new.3
deleted file mode 100644
index 4b50a03de4..0000000000
--- a/src/lib/libssl/man/SSL_CTX_new.3
+++ /dev/null
@@ -1,345 +0,0 @@
-.\" $OpenBSD: SSL_CTX_new.3,v 1.17 2022/07/13 22:05:53 schwarze Exp $
-.\" full merge up to: OpenSSL 21cd6e00 Oct 21 14:40:15 2015 +0100
-.\" selective merge up to: OpenSSL 8f75443f May 24 14:04:26 2019 +0200
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2005, 2012, 2013, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 13 2022 $
-.Dt SSL_CTX_NEW 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_new ,
-.Nm SSL_CTX_up_ref ,
-.Nm TLS_method ,
-.Nm TLS_server_method ,
-.Nm TLS_client_method ,
-.Nm SSLv23_method ,
-.Nm SSLv23_server_method ,
-.Nm SSLv23_client_method ,
-.Nm TLSv1_method ,
-.Nm TLSv1_server_method ,
-.Nm TLSv1_client_method ,
-.Nm TLSv1_1_method ,
-.Nm TLSv1_1_server_method ,
-.Nm TLSv1_1_client_method ,
-.Nm TLSv1_2_method ,
-.Nm TLSv1_2_server_method ,
-.Nm TLSv1_2_client_method ,
-.Nm DTLS_method ,
-.Nm DTLS_server_method ,
-.Nm DTLS_client_method ,
-.Nm DTLSv1_method ,
-.Nm DTLSv1_server_method ,
-.Nm DTLSv1_client_method ,
-.Nm DTLSv1_2_method ,
-.Nm DTLSv1_2_server_method ,
-.Nm DTLSv1_2_client_method
-.Nd create a new SSL_CTX object as a framework for TLS enabled functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_CTX *
-.Fn SSL_CTX_new "const SSL_METHOD *method"
-.Ft int
-.Fn SSL_CTX_up_ref "SSL_CTX *ctx"
-.Ft const SSL_METHOD *
-.Fn TLS_method void
-.Ft const SSL_METHOD *
-.Fn TLS_server_method void
-.Ft const SSL_METHOD *
-.Fn TLS_client_method void
-.Ft const SSL_METHOD *
-.Fn SSLv23_method void
-.Ft const SSL_METHOD *
-.Fn SSLv23_server_method void
-.Ft const SSL_METHOD *
-.Fn SSLv23_client_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_server_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_client_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_1_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_1_server_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_1_client_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_2_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_2_server_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_2_client_method void
-.Ft const SSL_METHOD *
-.Fn DTLS_method void
-.Ft const SSL_METHOD *
-.Fn DTLS_server_method void
-.Ft const SSL_METHOD *
-.Fn DTLS_client_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_server_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_client_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_2_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_2_server_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_2_client_method void
-.Sh DESCRIPTION
-.Fn SSL_CTX_new
-creates a new
-.Vt SSL_CTX
-object as a framework to establish TLS or DTLS enabled connections.
-It initializes the list of ciphers, the session cache setting, the
-callbacks, the keys and certificates, the options, and the security
-level to its default values.
-.Pp
-An
-.Vt SSL_CTX
-object is reference counted.
-Creating a new
-.Vt SSL_CTX
-object sets its reference count to 1.
-Calling
-.Fn SSL_CTX_up_ref
-on it increments the reference count by 1.
-Calling
-.Xr SSL_CTX_free 3
-on it decrements the reference count by 1.
-When the reference count drops to zero,
-any memory or resources allocated to the
-.Vt SSL_CTX
-object are freed.
-.Pp
-The
-.Vt SSL_CTX
-object uses
-.Fa method
-as its connection method, which can be:
-.Bl -tag -width Ds
-.It Fn TLS_method
-The general-purpose version-flexible TLS method.
-The protocol version used will be negotiated to the highest
-version mutually supported by the client and the server.
-The supported protocols are TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3.
-.It Fn DTLS_method
-The version-flexible DTLS method.
-The currently supported protocols are DTLSv1 and DTLSv1.2.
-.El
-.Pp
-The following
-.Fa method
-arguments are deprecated:
-.Bl -tag -width Ds
-.It Xo
-.Fn TLS_server_method ,
-.Fn TLS_client_method ,
-.Fn SSLv23_method ,
-.Fn SSLv23_server_method ,
-.Fn SSLv23_client_method
-.Xc
-Deprecated aliases for
-.Fn TLS_method .
-.It Xo
-.Fn DTLS_server_method ,
-.Fn DTLS_client_method
-.Xc
-Deprecated aliases for
-.Fn DTLS_method .
-.It Xo
-.Fn TLSv1_method ,
-.Fn TLSv1_server_method ,
-.Fn TLSv1_client_method
-.Xc
-A connection established with these methods will only
-understand the TLSv1 protocol.
-.It Xo
-.Fn TLSv1_1_method ,
-.Fn TLSv1_1_server_method ,
-.Fn TLSv1_1_client_method
-.Xc
-A connection established with these methods will only
-understand the TLSv1.1 protocol.
-.It Xo
-.Fn TLSv1_2_method ,
-.Fn TLSv1_2_server_method ,
-.Fn TLSv1_2_client_method
-.Xc
-A connection established with these methods will only
-understand the TLSv1.2 protocol.
-.It Xo
-.Fn DTLSv1_method ,
-.Fn DTLSv1_server_method ,
-.Fn DTLSv1_client_method
-.Xc
-These are the version-specific methods for DTLSv1.
-.It Xo
-.Fn DTLSv1_2_method ,
-.Fn DTLSv1_2_server_method ,
-.Fn DTLSv1_2_client_method
-These are the version-specific methods for DTLSv1.2.
-.Xc
-.El
-.Pp
-In LibreSSL, the methods containing the substrings
-.Dq _server
-or
-.Dq _client
-in their names return the same objects
-as the methods without these substrings.
-.Pp
-The list of protocols available can also be limited using the
-.Dv SSL_OP_NO_TLSv1 ,
-.Dv SSL_OP_NO_TLSv1_1 ,
-and
-.Dv SSL_OP_NO_TLSv1_2
-options of the
-.Xr SSL_CTX_set_options 3
-or
-.Xr SSL_set_options 3
-functions, but this approach is not recommended.
-Clients should avoid creating "holes" in the set of protocols they support.
-When disabling a protocol, make sure that you also disable either
-all previous or all subsequent protocol versions.
-In clients, when a protocol version is disabled without disabling
-all previous protocol versions, the effect is to also disable all
-subsequent protocol versions.
-.Pp
-DTLSv1 and DTLSv1.2 can be disabled with
-.Xr SSL_CTX_set_options 3
-or
-.Xr SSL_set_options 3
-using the
-.Dv SSL_OP_NO_DTLSv1
-and
-.Dv SSL_OP_NO_DTLSv1_2
-options, respectively.
-.Sh RETURN VALUES
-.Fn SSL_CTX_new
-returns a pointer to the newly allocated object or
-.Dv NULL
-on failure.
-Check the error stack to find out the reason for failure.
-.Pp
-.Fn SSL_CTX_up_ref
-returns 1 for success or 0 for failure.
-.Pp
-.Fn TLS_method
-and the other
-.Fn *_method
-functions return pointers to constant static objects.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_CTX_free 3 ,
-.Xr SSL_CTX_set_min_proto_version 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_security_level 3 ,
-.Xr SSL_set_connect_state 3
-.Sh HISTORY
-.Fn SSL_CTX_new
-first appeared in SSLeay 0.5.1.
-.Fn SSLv23_method ,
-.Fn SSLv23_server_method ,
-and
-.Fn SSLv23_client_method
-first appeared in SSLeay 0.8.0.
-.Fn TLSv1_method ,
-.Fn TLSv1_server_method ,
-and
-.Fn TLSv1_client_method
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn DTLSv1_method ,
-.Fn DTLSv1_server_method ,
-and
-.Fn DTLSv1_client_method
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn TLSv1_1_method ,
-.Fn TLSv1_1_server_method ,
-.Fn TLSv1_1_client_method ,
-.Fn TLSv1_2_method ,
-.Fn TLSv1_2_server_method ,
-and
-.Fn TLSv1_2_client_method
-first appeared in OpenSSL 1.0.1 and have been available since
-.Ox 5.3 .
-.Pp
-.Fn DTLS_method ,
-.Fn DTLS_server_method ,
-and
-.Fn DTLS_client_method
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 6.5 .
-.Pp
-.Fn TLS_method ,
-.Fn TLS_server_method ,
-and
-.Fn TLS_client_method
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 5.8 .
-.Pp
-.Fn SSL_CTX_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
-.Pp
-.Fn DTLSv1_2_method ,
-.Fn DTLSv1_2_server_method ,
-and
-.Fn DTLSv1_2_client_method
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.9 .

diff --git a/src/lib/libssl/man/SSL_CTX_new.3 b/src/lib/libssl/man/SSL_CTX_new.3 deleted file mode 100644 index 4b50a03de4..0000000000 --- a/src/lib/libssl/man/SSL_CTX_new.3 +++ /dev/null
@@ -1,345 +0,0 @@
1	.\" $OpenBSD: SSL_CTX_new.3,v 1.17 2022/07/13 22:05:53 schwarze Exp $
2	.\" full merge up to: OpenSSL 21cd6e00 Oct 21 14:40:15 2015 +0100
3	.\" selective merge up to: OpenSSL 8f75443f May 24 14:04:26 2019 +0200
4	.\"
5	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
6	.\" Copyright (c) 2000, 2005, 2012, 2013, 2015, 2016 The OpenSSL Project.
7	.\" All rights reserved.
8	.\"
9	.\" Redistribution and use in source and binary forms, with or without
10	.\" modification, are permitted provided that the following conditions
11	.\" are met:
12	.\"
13	.\" 1. Redistributions of source code must retain the above copyright
14	.\" notice, this list of conditions and the following disclaimer.
15	.\"
16	.\" 2. Redistributions in binary form must reproduce the above copyright
17	.\" notice, this list of conditions and the following disclaimer in
18	.\" the documentation and/or other materials provided with the
19	.\" distribution.
20	.\"
21	.\" 3. All advertising materials mentioning features or use of this
22	.\" software must display the following acknowledgment:
23	.\" "This product includes software developed by the OpenSSL Project
24	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25	.\"
26	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27	.\" endorse or promote products derived from this software without
28	.\" prior written permission. For written permission, please contact
29	.\" openssl-core@openssl.org.
30	.\"
31	.\" 5. Products derived from this software may not be called "OpenSSL"
32	.\" nor may "OpenSSL" appear in their names without prior written
33	.\" permission of the OpenSSL Project.
34	.\"
35	.\" 6. Redistributions of any form whatsoever must retain the following
36	.\" acknowledgment:
37	.\" "This product includes software developed by the OpenSSL Project
38	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39	.\"
40	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
52	.\"
53	.Dd $Mdocdate: July 13 2022 $
54	.Dt SSL_CTX_NEW 3
55	.Os
56	.Sh NAME
57	.Nm SSL_CTX_new ,
58	.Nm SSL_CTX_up_ref ,
59	.Nm TLS_method ,
60	.Nm TLS_server_method ,
61	.Nm TLS_client_method ,
62	.Nm SSLv23_method ,
63	.Nm SSLv23_server_method ,
64	.Nm SSLv23_client_method ,
65	.Nm TLSv1_method ,
66	.Nm TLSv1_server_method ,
67	.Nm TLSv1_client_method ,
68	.Nm TLSv1_1_method ,
69	.Nm TLSv1_1_server_method ,
70	.Nm TLSv1_1_client_method ,
71	.Nm TLSv1_2_method ,
72	.Nm TLSv1_2_server_method ,
73	.Nm TLSv1_2_client_method ,
74	.Nm DTLS_method ,
75	.Nm DTLS_server_method ,
76	.Nm DTLS_client_method ,
77	.Nm DTLSv1_method ,
78	.Nm DTLSv1_server_method ,
79	.Nm DTLSv1_client_method ,
80	.Nm DTLSv1_2_method ,
81	.Nm DTLSv1_2_server_method ,
82	.Nm DTLSv1_2_client_method
83	.Nd create a new SSL_CTX object as a framework for TLS enabled functions
84	.Sh SYNOPSIS
85	.In openssl/ssl.h
86	.Ft SSL_CTX *
87	.Fn SSL_CTX_new "const SSL_METHOD *method"
88	.Ft int
89	.Fn SSL_CTX_up_ref "SSL_CTX *ctx"
90	.Ft const SSL_METHOD *
91	.Fn TLS_method void
92	.Ft const SSL_METHOD *
93	.Fn TLS_server_method void
94	.Ft const SSL_METHOD *
95	.Fn TLS_client_method void
96	.Ft const SSL_METHOD *
97	.Fn SSLv23_method void
98	.Ft const SSL_METHOD *
99	.Fn SSLv23_server_method void
100	.Ft const SSL_METHOD *
101	.Fn SSLv23_client_method void
102	.Ft const SSL_METHOD *
103	.Fn TLSv1_method void
104	.Ft const SSL_METHOD *
105	.Fn TLSv1_server_method void
106	.Ft const SSL_METHOD *
107	.Fn TLSv1_client_method void
108	.Ft const SSL_METHOD *
109	.Fn TLSv1_1_method void
110	.Ft const SSL_METHOD *
111	.Fn TLSv1_1_server_method void
112	.Ft const SSL_METHOD *
113	.Fn TLSv1_1_client_method void
114	.Ft const SSL_METHOD *
115	.Fn TLSv1_2_method void
116	.Ft const SSL_METHOD *
117	.Fn TLSv1_2_server_method void
118	.Ft const SSL_METHOD *
119	.Fn TLSv1_2_client_method void
120	.Ft const SSL_METHOD *
121	.Fn DTLS_method void
122	.Ft const SSL_METHOD *
123	.Fn DTLS_server_method void
124	.Ft const SSL_METHOD *
125	.Fn DTLS_client_method void
126	.Ft const SSL_METHOD *
127	.Fn DTLSv1_method void
128	.Ft const SSL_METHOD *
129	.Fn DTLSv1_server_method void
130	.Ft const SSL_METHOD *
131	.Fn DTLSv1_client_method void
132	.Ft const SSL_METHOD *
133	.Fn DTLSv1_2_method void
134	.Ft const SSL_METHOD *
135	.Fn DTLSv1_2_server_method void
136	.Ft const SSL_METHOD *
137	.Fn DTLSv1_2_client_method void
138	.Sh DESCRIPTION
139	.Fn SSL_CTX_new
140	creates a new
141	.Vt SSL_CTX
142	object as a framework to establish TLS or DTLS enabled connections.
143	It initializes the list of ciphers, the session cache setting, the
144	callbacks, the keys and certificates, the options, and the security
145	level to its default values.
146	.Pp
147	An
148	.Vt SSL_CTX
149	object is reference counted.
150	Creating a new
151	.Vt SSL_CTX
152	object sets its reference count to 1.
153	Calling
154	.Fn SSL_CTX_up_ref
155	on it increments the reference count by 1.
156	Calling
157	.Xr SSL_CTX_free 3
158	on it decrements the reference count by 1.
159	When the reference count drops to zero,
160	any memory or resources allocated to the
161	.Vt SSL_CTX
162	object are freed.
163	.Pp
164	The
165	.Vt SSL_CTX
166	object uses
167	.Fa method
168	as its connection method, which can be:
169	.Bl -tag -width Ds
170	.It Fn TLS_method
171	The general-purpose version-flexible TLS method.
172	The protocol version used will be negotiated to the highest
173	version mutually supported by the client and the server.
174	The supported protocols are TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3.
175	.It Fn DTLS_method
176	The version-flexible DTLS method.
177	The currently supported protocols are DTLSv1 and DTLSv1.2.
178	.El
179	.Pp
180	The following
181	.Fa method
182	arguments are deprecated:
183	.Bl -tag -width Ds
184	.It Xo
185	.Fn TLS_server_method ,
186	.Fn TLS_client_method ,
187	.Fn SSLv23_method ,
188	.Fn SSLv23_server_method ,
189	.Fn SSLv23_client_method
190	.Xc
191	Deprecated aliases for
192	.Fn TLS_method .
193	.It Xo
194	.Fn DTLS_server_method ,
195	.Fn DTLS_client_method
196	.Xc
197	Deprecated aliases for
198	.Fn DTLS_method .
199	.It Xo
200	.Fn TLSv1_method ,
201	.Fn TLSv1_server_method ,
202	.Fn TLSv1_client_method
203	.Xc
204	A connection established with these methods will only
205	understand the TLSv1 protocol.
206	.It Xo
207	.Fn TLSv1_1_method ,
208	.Fn TLSv1_1_server_method ,
209	.Fn TLSv1_1_client_method
210	.Xc
211	A connection established with these methods will only
212	understand the TLSv1.1 protocol.
213	.It Xo
214	.Fn TLSv1_2_method ,
215	.Fn TLSv1_2_server_method ,
216	.Fn TLSv1_2_client_method
217	.Xc
218	A connection established with these methods will only
219	understand the TLSv1.2 protocol.
220	.It Xo
221	.Fn DTLSv1_method ,
222	.Fn DTLSv1_server_method ,
223	.Fn DTLSv1_client_method
224	.Xc
225	These are the version-specific methods for DTLSv1.
226	.It Xo
227	.Fn DTLSv1_2_method ,
228	.Fn DTLSv1_2_server_method ,
229	.Fn DTLSv1_2_client_method
230	These are the version-specific methods for DTLSv1.2.
231	.Xc
232	.El
233	.Pp
234	In LibreSSL, the methods containing the substrings
235	.Dq _server
236	or
237	.Dq _client
238	in their names return the same objects
239	as the methods without these substrings.
240	.Pp
241	The list of protocols available can also be limited using the
242	.Dv SSL_OP_NO_TLSv1 ,
243	.Dv SSL_OP_NO_TLSv1_1 ,
244	and
245	.Dv SSL_OP_NO_TLSv1_2
246	options of the
247	.Xr SSL_CTX_set_options 3
248	or
249	.Xr SSL_set_options 3
250	functions, but this approach is not recommended.
251	Clients should avoid creating "holes" in the set of protocols they support.
252	When disabling a protocol, make sure that you also disable either
253	all previous or all subsequent protocol versions.
254	In clients, when a protocol version is disabled without disabling
255	all previous protocol versions, the effect is to also disable all
256	subsequent protocol versions.
257	.Pp
258	DTLSv1 and DTLSv1.2 can be disabled with
259	.Xr SSL_CTX_set_options 3
260	or
261	.Xr SSL_set_options 3
262	using the
263	.Dv SSL_OP_NO_DTLSv1
264	and
265	.Dv SSL_OP_NO_DTLSv1_2
266	options, respectively.
267	.Sh RETURN VALUES
268	.Fn SSL_CTX_new
269	returns a pointer to the newly allocated object or
270	.Dv NULL
271	on failure.
272	Check the error stack to find out the reason for failure.
273	.Pp
274	.Fn SSL_CTX_up_ref
275	returns 1 for success or 0 for failure.
276	.Pp
277	.Fn TLS_method
278	and the other
279	.Fn *_method
280	functions return pointers to constant static objects.
281	.Sh SEE ALSO
282	.Xr ssl 3 ,
283	.Xr SSL_accept 3 ,
284	.Xr SSL_CTX_free 3 ,
285	.Xr SSL_CTX_set_min_proto_version 3 ,
286	.Xr SSL_CTX_set_options 3 ,
287	.Xr SSL_CTX_set_security_level 3 ,
288	.Xr SSL_set_connect_state 3
289	.Sh HISTORY
290	.Fn SSL_CTX_new
291	first appeared in SSLeay 0.5.1.
292	.Fn SSLv23_method ,
293	.Fn SSLv23_server_method ,
294	and
295	.Fn SSLv23_client_method
296	first appeared in SSLeay 0.8.0.
297	.Fn TLSv1_method ,
298	.Fn TLSv1_server_method ,
299	and
300	.Fn TLSv1_client_method
301	first appeared in SSLeay 0.9.0.
302	All these functions have been available since
303	.Ox 2.4 .
304	.Pp
305	.Fn DTLSv1_method ,
306	.Fn DTLSv1_server_method ,
307	and
308	.Fn DTLSv1_client_method
309	first appeared in OpenSSL 0.9.8 and have been available since
310	.Ox 4.5 .
311	.Pp
312	.Fn TLSv1_1_method ,
313	.Fn TLSv1_1_server_method ,
314	.Fn TLSv1_1_client_method ,
315	.Fn TLSv1_2_method ,
316	.Fn TLSv1_2_server_method ,
317	and
318	.Fn TLSv1_2_client_method
319	first appeared in OpenSSL 1.0.1 and have been available since
320	.Ox 5.3 .
321	.Pp
322	.Fn DTLS_method ,
323	.Fn DTLS_server_method ,
324	and
325	.Fn DTLS_client_method
326	first appeared in OpenSSL 1.0.2 and have been available since
327	.Ox 6.5 .
328	.Pp
329	.Fn TLS_method ,
330	.Fn TLS_server_method ,
331	and
332	.Fn TLS_client_method
333	first appeared in OpenSSL 1.1.0 and have been available since
334	.Ox 5.8 .
335	.Pp
336	.Fn SSL_CTX_up_ref
337	first appeared in OpenSSL 1.1.0 and has been available since
338	.Ox 6.3 .
339	.Pp
340	.Fn DTLSv1_2_method ,
341	.Fn DTLSv1_2_server_method ,
342	and
343	.Fn DTLSv1_2_client_method
344	first appeared in OpenSSL 1.1.0 and have been available since
345	.Ox 6.9 .