OpenSSLWiki - User contributions [en]

List of SSL OP Flags

2021-08-05T20:51:02Z

Tmshort: Update for 3.0

== Option Flags ==
This page lists all the SSL_OP flags available in OpenSSL. These values are passed to the '''SSL_CTX_set_options()''', '''SSL_CTX_clear_options()''' functions and returned by the SSL_CTX_get_options() function (and corresponding SSL-equivalents).

Options with a value of 0 have no effect.

OpenSSL 3.0 changed the type of the option value to be '''uint64_t''', to support more than 32 options. In addition, the definitions were changed to use the '''SSL_OP_BIT()''' macro.

== Table of Options ==

{| class="wikitable"
! Option Name !! Description !! 1.0.2 value !! 1.1.0 value !! 1.1.1 value !! 3.0 value
|-
| SSL_OP_MICROSOFT_SESS_ID_BUG || No effect. || 0x00000001 || 0 || 0** || 0
|-
| SSL_OP_NO_EXTENDED_MASTER_SECRET || Disables (RFC7627) Extended Master Secret support. || Not defined || Not defined || Not defined || SSL_OP_BIT(0)
|-
| SSL_OP_NETSCAPE_CHALLENGE_BUG || No effect. || 0x00000002 || 0 || 0** || 0
|-
| SSL_OP_CLEANSE_PLAINTEXT || Cleanse plaintext copies of data delivered to the application. || Not defined || Not defined || Not defined || SSL_OP_BIT(1)
|-
| SSL_OP_LEGACY_SERVER_CONNECT || Allow legacy insecure renegotiation between OpenSSL and unpatched servers only. || 0x00000004 || 0x00000004 || 0x00000004U || SSL_OP_BIT(2)
|-
| SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG || No effect. || 0x00000008 || 0 || 0** || 0
|-
| SSL_OP_ENABLE_KTLS || KTLS (Linux Kernel TLS) Support || Not defined || Not defined || Not defined || SSL_OP_BIT(3)
|-
| SSL_OP_TLSEXT_PADDING || Adds a padding extension to ensure the ClientHello size is never between 256 and 511 bytes in length. || 0x00000010 || 0x00000010 || 0x00000010U || SSL_OP_BIT(4)
|-
| SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER || Accept large records (18K+) from Microsoft servers/clients. || 0x00000020 || 0 || 0** || 0
|-
| SSL_OP_SAFARI_ECDHE_ECDSA_BUG || Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8...10.8.3 has broken support for ECDHE-ECDSA ciphers. || 0x00000040 || 0x00000040 || 0x00000040U || SSL_OP_BIT(6)
|-
| SSL_OP_SSLEAY_080_CLIENT_DH_BUG || Allow invalid client DH parameters during client key exchange. || 0x00000080 || 0 || 0** || 0
|-
| SSL_OP_IGNORE_UNEXPECTED_EOF || Ignore missing close-notify alerts. || Not defined || Not defined || Not defined || SSL_OP_BIT(7)
|-
| SSL_OP_TLS_D5_BUG || Allow invalid RSA encrypted length from client during client key exchange. || 0x00000100 || 0 || 0** || 0
|-
| SSL_OP_ALLOW_CLIENT_RENEGOTIATION || Allow the use of client renegotiation. || Not defined || Not defined || Not defined || SSL_OP_BIT(8)
|-
| SSL_OP_TLS_BLOCK_PADDING_BUG || Compensate for incorrect padding. || 0x00000200 || 0 || 0** || 0
|-
| SSL_OP_DISABLE_TLSEXT_CA_NAMES || Disable TLS extension CA names for Windows compatibility. || Not defined || Not defined || Not defined || SSL_OP_BIT(9)
|-
| SSL_OP_ALLOW_NO_DHE_KEX || In TLSv1.3 allow a non-(EC)DHE-based key exchange mode || Not defined || Not defined || 0x00000400U || SSL_OP_BIT(10)
|-
| SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS || Disables a counter-measure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken (Microsoft) SSL implementations.|| 0x00000800 || 0x00000800 || 0x00000800U || SSL_OP_BIT(11)
|-
| SSL_OP_NO_QUERY_MTU || DTLS PMTU option. || 0x00001000 || 0x00001000 || 0x00001000U || SSL_OP_BIT(12)
|-
| SSL_OP_COOKIE_EXCHANGE || Turn on Cookie Exchange (on relevant for servers). || 0x00002000 || 0x00002000 || 0x00002000U || SSL_OP_BIT(13)
|-
| SSL_OP_NO_TICKET || Don't use RFC4507 ticket extension. || 0x00004000 || 0x00004000 || 0x00004000U || SSL_OP_BIT(14)
|-
| SSL_OP_CISCO_ANYCONNECT || Use Cisco's version identifier of DTLS_BAD_VER (only with deprecated DTLSv1_client_method()). || 0x00008000 || 0x00008000 || 0x00008000U || SSL_OP_BIT(15)
|-
| SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION || As server, disallow session resumption on renegotiation. || 0x00010000 || 0x00010000 || 0x00010000U || SSL_OP_BIT(16)
|-
| SSL_OP_NO_COMPRESSION || Don't use compression even if supported. This is on by default, but not in SSL_OP_ALL. || 0x00020000 || 0x00020000 || 0x00020000U || SSL_OP_BIT(17)
|-
| SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION || Permit unsafe legacy renegotiation. || 0x00040000 || 0x00040000 || 0x00040000U || SSL_OP_BIT(18)
|-
| SSL_OP_SINGLE_ECDH_USE || If set, always create a new key when using tmp_ecdh parameters. || 0x00080000 || 0 || 0 || 0
|-
| SSL_OP_NO_ENCRYPT_THEN MAC || Disable encrypt-then-MAC || Not defined || Not defined || 0x00080000U || SSL_OP_BIT(19)
|-
| SSL_OP_SINGLE_DH_USE || If set, always create a new key when using tmp_dh parameters (In recent 1.0.2, does nothing: retained for compatibility). || 0x00100000 || 0 || 0 || 0
|-
| SSL_OP_ENABLE_MIDDLEBOX_COMPAT || Enable TLSv1.3 Compatibility mode. This is on by default, but not in SSL_OP_ALL. || Not defined || Not defined || 0x00100000 || SSL_OP_BIT(20)
|-
| SSL_OP_PRIORITIZE_CHACHA || Prioritize ChaCha20Poly1305 on servers when client does. || Not defined || Not defined || 0x00200000U || SSL_OP_BIT(21)
|-
| SSL_OP_CIPHER_SERVER_PREFERENCE || Set on servers to choose the cipher according to the server's preferences || 0x00400000 || 0x00400000 || 0x00400000U || SSL_OP_BIT(22)
|-
| SSL_OP_TLS_ROLLBACK_BUG || Allow a client to specify SSLv3.0 in the pre-master secret even if TLSv1.0 was specified in the ClientHello. || 0x00800000 || 0x00800000 || 0x00800000U || SSL_OP_BIT(23)
|-
| SSL_OP_NO_SSLv2 || Disable SSLv2. || 0x01000000 || 0 || 0 || 0
|-
| SSL_OP_NO_ANTI_REPLAY || Disable anti-replay support || Not defined || Not defined || 0x01000000U || SSL_OP_BIT(24)
|-
| SSL_OP_NO_SSLv3 || Disable SSLv3. || 0x02000000 || 0x02000000 || 0x02000000U || SSL_OP_BIT(25)
|-
| SSL_OP_NO_TLSv1/SSL_OP_NO_DTLSv1 || Disable TLSv1/DTLSv1. || 0x04000000 || 0x04000000 || 0x04000000U || SSL_OP_BIT(26)
|-
| SSL_OP_NO_TLSv1_2/SSL_OP_NO_DTLSv1_2 || Disable TLSv1.2/DTLSv1.2. || 0x08000000 || 0x08000000 || 0x08000000U || SSL_OP_BIT(27)
|-
| SSL_OP_NO_TLSv1_1 || Disable TLSv1.1. || 0x10000000 || 0x10000000 || 0x10000000U || SSL_OP_BIT(28)
|-
| SSL_OP_NETSCAPE_CA_DN_BUG || || 0x20000000 || 0 || 0 || 0
|-
| SSL_OP_NO_TLSv1_3 || Diable TLSv1.3 || Not defined || Not defined || 0x20000000U || SSL_OP_BIT(29)
|-
| SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG || || 0x40000000 || 0 || 0 || 0
|-
| SSL_OP_NO_RENEGOTIATION || Disallow all renegotiation || Not defined || Not defined || 0x40000000U || SSL_OP_BIT(30)
|-
| SSL_OP_CRYPTOPRO_TLSEXT_BUG || Adds a ServerHello TLSEXT when using a GOST cipher. || 0x80000000 || 0x80000000 || 0x80000000U || SSL_OP_BIT(31)
|-
| SSL_OP_PKCS1_CHECK_1 || No effect. || 0 || 0 || 0 || 0
|-
| SSL_OP_PKCS1_CHECK_2 || No effect. || 0 || 0 || 0 || 0
|-
| SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG || No effect. || 0 || 0 || 0 || 0
|-
| SSL_OP_MSIE_SSLV2_RSA_PADDING || No effect.|| 0 || 0 || 0 || 0
|-
| SSL_OP_EPHEMERAL_RSA || No effect. || 0 || 0 || 0 || 0
|-
| SSL_OP_NO_SSL_MASK || <nowiki>SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3</nowiki> || 0x1F000000 || 0x1E000000 || 0x3E000000U || (See description)
|-
| SSL_OP_NO_DTLS_MASK || <nowiki>SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2</nowiki> || Not defined || Not defined || 0x0C000000U || (See description)
|-
| SSL_OP_ALL || Default set of options. || 0x80000BFF || 0x80000BFF || 0x80000854U || (See below)
|}

Note: ** In this version, the original bit value (non-zero) is available for re-use in the ''next'' version.
== SSL_OP_ALL ==
=== OpenSSL 3.0 ===
In OpenSSL 3.0, the number of options contained within SSL_OP_ALL has been reduced:

* SSL_OP_CRYPTOPRO_TLSEXT_BUG
* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
* SSL_OP_TLSEXT_PADDING
* SSL_OP_SAFARI_ECDHE_ECDSA_BUG

=== OpenSSL 1.1.1 ===
In OpenSSL 1.1.1, the SSL_OP_ALL option changed value to include only those bits that have a defintion. This means that 1.1.0 and 1.1.1, although ABI compatible, have different values for default enabled options. The result of this is that several option bits marked by ** cannot be re-assigned until 3.0.0.

=== OpenSSL 1.1.0 ===
As of 1.1.0, these options are enabled by default via SSL_OP_ALL:

* SSL_OP_CRYPTOPRO_TLSEXT_BUG
* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
* SSL_OP_LEGACY_SERVER_CONNECT
* SSL_OP_TLSEXT_PADDING
* SSL_OP_SAFARI_ECDHE_ECDSA_BUG

=== Enabled by Default ===

The following options are enabled by default (1.1.1 and 3.0), but are not included in SSL_OP_ALL:

* SSL_OP_NO_COMPRESSION
* SSL_OP_ENABLE_MIDDLEBOX_COMPAT

They can be disabled via '''SSL_clear_options()'''. A future version of OpenSSL may
not set these by default.

== Protocol Version Options ==

The following options control the protocols enabled on an SSL or SSL_CTX:

* SSL_OP_NO_SSLv2
* SSL_OP_NO_SSLv3
* SSL_OP_NO_TLSv1
* SSL_OP_NO_TLSv1_1
* SSL_OP_NO_TLSv1_2
* SSL_OP_NO_TLSv1_3
* SSL_OP_NO_DTLSv1
* SSL_OP_NO_DTLSv1_2

These options are deprecated as of 1.1.0, use '''SSL_CTX_set_min_proto_version()''' and '''SSL_CTX_set_max_proto_version()''' instead.

== Available Bits ==

The the change from '''unsigned long''' to '''uin64_t''', many more options are now available.

As of this writing (just before 3.0 is released), the following bits are available (i.e. unused):

* SSL_OP_BIT(5)
* SSL_OP_BIT(32) through SSL_OP_BIT(63)

Bit values greater than 63 are not permitted and may cause undefined behavior.

== Historical Options and Notes ==

=== SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ===

This option does nothing, but was retained for compatibility. In 1.0.1 this option had a value of 0x00000010, but that was taken over by SSL_OP_TLS_PADDING in 1.0.2; this option's value was changed to 0 in 1.0.2. It was included in SSL_OP_ALL. The defintion was removed from 1.1.0.

=== SSL_OP_MSIE_SSLV2_RSA_PADDING ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00000040; this option's value was changed to 0 in 1.0.2.

=== SSL_OP_SINGLE_DH_USE ===

If set, always create a new key when using tmp_dh parameters. As of 1.0.2f single-DH key use is always on, and this option does nothing, and is retained for compatibility.

=== SSL_OP_EPHEMERAL_RSA ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00200000; this option's value was changed to 0 in 1.0.2. This option always used the tmp_rsa key when doing RSA operations, even when this violated protocol specs.

=== SSL_OP_PRIORITIZE_CHACHA ===

This option has no effect if SSL_OP_CIPHER_SERVER_PREFERENCE is not enabled.

=== SSL_OP_TLS_ROLLBACK_BUG ===

This option had a value of 0x00000400 in 0.9.6. If set, a server will allow a client to issue a SSLv3.0 version number as latest version supported in the premaster secret, even when TLSv1.0 (version 3.1) was announced in the client hello. Normally this is forbidden to prevent version rollback attacks.

Added in 0.9.6 and was automatically enabled via SSL_OP_ALL. In 0.9.7, it was removed from SSL_OP_ALL and must be explicitly set.

=== SSL_OP_PKCS1_CHECK_1 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x08000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

=== SSL_OP_PKCS1_CHECK_2 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x10000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

=== SSL_OP_CIPHER_SERVER_PREFERENCE ===

Added in 0.9.7.

=== SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION ===

Added in 0.9.7.

=== SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS ===

Added in 0.9.6e to disable the fragment insertion that was added in 0.9.6d (where it was always enabled). Versions up to 0.9.6c do not include the countermeasure.

=== SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ===

Added in 0.9.8m.

=== SSL_OP_LEGACY_SERVER_CONNECT ===

Added in 0.9.8m.

List of SSL OP Flags

2019-07-29T14:21:20Z

Tmshort:

This page lists all the SSL_OP flags available in OpenSSL. These values are passed to the SSL_CTX_set_options(), SSL_CTX_clear_options() functions and returned by the SSL_CTX_get_options() function (and corresponding SSL-equivalents).

Options with a value of 0 have no effect.

== Table of Options ==

{| class="wikitable"
! Option Name !! SSL_OP_ALL !! Description !! 1.0.2 value !! 1.1.0 value !! 1.1.1 value
|-
| SSL_OP_MICROSOFT_SESS_ID_BUG || Yes || No effect. || 0x00000001 || 0 || 0**
|-
| SSL_OP_NETSCAPE_CHALLENGE_BUG || Yes || No effect. || 0x00000002 || 0 || 0**
|-
| SSL_OP_LEGACY_SERVER_CONNECT || Yes || Allow legacy insecure renegotiation between OpenSSL and unpatched servers only. || 0x00000004 || 0x00000004 || 0x00000004U
|-
| SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG || Yes || No effect. || 0x00000008 || 0 || 0**
|-
| SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG || || No effect. || 0 || Not defined || Not defined
|-
| SSL_OP_TLSEXT_PADDING || Yes || Adds a padding extension to ensure the ClientHello size is never between 256 and 511 bytes in length. || 0x00000010 || 0x00000010 || 0x00000010U
|-
| SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER || Yes || Accept large records (18K+) from Microsoft servers/clients. || 0x00000020 || 0 || 0**
|-
| SSL_OP_SAFARI_ECDHE_ECDSA_BUG || Yes || Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8...10.8.3 has broken support for ECDHE-ECDSA ciphers. || 0x00000040 || 0x00000040 || 0x00000040U
|-
| SSL_OP_MSIE_SSLV2_RSA_PADDING || || No effect.|| 0 || 0 || 0
|-
| SSL_OP_SSLEAY_080_CLIENT_DH_BUG || Yes || Allow invalid client DH parameters during client key exchange. || 0x00000080 || 0 || 0**
|-
| SSL_OP_TLS_D5_BUG || Yes || Allow invalid RSA encrypted length from client during client key exchange. || 0x00000100 || 0 || 0**
|-
| SSL_OP_TLS_BLOCK_PADDING_BUG || Yes || Compensate for incorrect padding. || 0x00000200 || 0 || 0**
|-
| SSL_OP_ALLOW_NO_DHE_KEX || || In TLSv1.3 allow a non-(EC)DHE-based key exchange mode || Not defined || Not defined || 0x00000400U
|-
| SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS || Yes || Disables a counter-measure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken (Microsoft) SSL implementations.|| 0x00000800 || 0x00000800 || 0x00000800U
|-
| SSL_OP_NO_QUERY_MTU || || DTLS PMTU option. || 0x00001000 || 0x00001000 || 0x00001000U
|-
| SSL_OP_COOKIE_EXCHANGE || || Turn on Cookie Exchange (on relevant for servers). || 0x00002000 || 0x00002000 || 0x00002000U
|-
| SSL_OP_NO_TICKET || || Don't use RFC4507 ticket extension. || 0x00004000 || 0x00004000 || 0x00004000U
|-
| SSL_OP_CISCO_ANYCONNECT || || Use Cisco's "speshul" version of DTLS_BAD_VER (as client). || 0x00008000 || 0x00008000 || 0x00008000U
|-
| SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION || || As server, disallow session resumption on renegotiation. || 0x00010000 || 0x00010000 || 0x00010000U
|-
| SSL_OP_NO_COMPRESSION || || Don't use compression even if supported. || 0x00020000 || 0x00020000 || 0x00020000U
|-
| SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION || || Permit unsafe legacy renegotiation. || 0x00040000 || 0x00040000 || 0x00040000U
|-
| SSL_OP_SINGLE_ECDH_USE || || If set, always create a new key when using tmp_ecdh parameters. || 0x00080000 || 0 || 0
|-
| SSL_OP_NO_ENCRYPT_THEN MAC || || Disable encrypt-then-MAC || Not defined || Not defined || 0x00080000U
|-
| SSL_OP_SINGLE_DH_USE || || If set, always create a new key when using tmp_dh parameters (In recent 1.0.2, does nothing: retained for compatibility). || 0x00100000 || 0 || 0
|-
| SSL_OP_EPHEMERAL_RSA || || No effect. || 0 || 0 || 0
|-
| SSL_OP_PRIORITIZE_CHACHA || || Prioritize ChaCha20Poly1305 on servers when client does. || Not defined || Not defined || 0x00200000U
|-
| SSL_OP_CIPHER_SERVER_PREFERENCE || || Set on servers to choose the cipher according to the server's preferences || 0x00400000 || 0x00400000 || 0x00400000U
|-
| SSL_OP_TLS_ROLLBACK_BUG || || Allow a client to specify SSLv3.0 in the pre-master secret even if TLSv1.0 was specified in the ClientHello. || 0x00800000 || 0x00800000 || 0x00800000U
|-
| SSL_OP_NO_SSLv2 || || Disable SSLv2. || 0x01000000 || 0 || 0
|-
| SSL_OP_NO_SSLv3 || || Disable SSLv3. || 0x02000000 || 0x02000000 || 0x02000000U
|-
| SSL_OP_NO_TLSv1/SSL_OP_NO_DTLSv1 || || Disable TLSv1/DTLSv1. || 0x04000000 || 0x04000000 || 0x04000000U
|-
| SSL_OP_NO_TLSv1_2/SSL_OP_NO_DTLSv1_2 || || Disable TLSv1.2/DTLSv1.2. || 0x08000000 || 0x08000000 || 0x08000000U
|-
| SSL_OP_NO_TLSv1_1 || || Disable TLSv1.1. || 0x10000000 || 0x10000000 || 0x10000000U
|-
| SSL_OP_NETSCAPE_CA_DN_BUG || || || 0x20000000 || 0 || 0
|-
| SSL_OP_NO_TLSv1_3 || || Diable TLSv1.3 || Not defined || Not defined || 0x20000000U
|-
| SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG || || || 0x40000000 || 0 || 0
|-
| SSL_OP_NO_RENEGOTIATION || || Disallow all renegotiation || Not defined || Not defined || 0x40000000U
|-
| SSL_OP_CRYPTOPRO_TLSEXT_BUG || Yes || Adds a ServerHello TLSEXT when using a GOST cipher. || 0x80000000 || 0x80000000 || 0x80000000U
|-
| SSL_OP_PKCS1_CHECK_1 || || No effect. || 0 || 0 || 0
|-
| SSL_OP_PKCS1_CHECK_2 || || No effect. || 0 || 0 || 0
|-
| SSL_OP_NO_SSL_MASK || || SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3 || 0x1F000000 || 0x1E000000 || 0x3E000000U
|-
| SSL_OP_ALL || Yes || Default set of options. || 0x80000BFF || 0x80000BFF || 0x80000854U
|}

== SSL_OP_ALL ==

In OpenSSL 1.1.1, the SSL_OP_ALL option changed value. This means that 1.1.0 and 1.1.1, although ABI compatible, have different values for default enabled options. The result of this is that several option bits marked by ** cannot be re-assigned until 3.0.0.

As of 1.1.0, these options are enabled by default via SSL_OP_ALL:

* SSL_OP_CRYPTOPRO_TLSEXT_BUG
* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
* SSL_OP_LEGACY_SERVER_CONNECT
* SSL_OP_TLSEXT_PADDING
* SSL_OP_SAFARI_ECDHE_ECDSA_BUG)

== Protocol Version Options ==

The following options control the protocols enabled on an SSL or SSL_CTX:

* SSL_OP_NO_SSLv2
* SSL_OP_NO_SSLv3
* SSL_OP_NO_TLSv1
* SSL_OP_NO_TLSv1_1
* SSL_OP_NO_TLSv1_2
* SSL_OP_NO_TLSv1_3
* SSL_OP_NO_DTLSv1
* SSL_OP_NO_DTLSv1_2

These options are deprecated as of 1.1.0, use SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() instead.

== Historical Options and Notes ==

=== SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ===

This option does nothing, but was retained for compatibility. In 1.0.1 this option had a value of 0x00000010, but that was taken over by SSL_OP_TLS_PADDING in 1.0.2; this option's value was changed to 0 in 1.0.2. It was included in SSL_OP_ALL. The defintion was removed from 1.1.0.

=== SSL_OP_MSIE_SSLV2_RSA_PADDING ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00000040; this option's value was changed to 0 in 1.0.2.

=== SSL_OP_SINGLE_DH_USE ===

If set, always create a new key when using tmp_dh parameters. As of 1.0.2f single-DH key use is always on, and this option does nothing, and is retained for compatibility.

=== SSL_OP_EPHEMERAL_RSA ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00200000; this option's value was changed to 0 in 1.0.2. This option always used the tmp_rsa key when doing RSA operations, even when this violated protocol specs.

=== SSL_OP_PRIORITIZE_CHACHA ===

This option has no effect if SSL_OP_CIPHER_SERVER_PREFERENCE is not enabled.

=== SSL_OP_TLS_ROLLBACK_BUG ===

This option had a value of 0x00000400 in 0.9.6. If set, a server will allow a client to issue a SSLv3.0 version number as latest version supported in the premaster secret, even when TLSv1.0 (version 3.1) was announced in the client hello. Normally this is forbidden to prevent version rollback attacks.

Added in 0.9.6 and was automatically enabled via SSL_OP_ALL. In 0.9.7, it was removed from SSL_OP_ALL and must be explicitly set.

=== SSL_OP_PKCS1_CHECK_1 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x08000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

=== SSL_OP_PKCS1_CHECK_2 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x10000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

=== SSL_OP_CIPHER_SERVER_PREFERENCE ===

Added in 0.9.7.

=== SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION ===

Added in 0.9.7.

=== SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS ===

Added in 0.9.6e to disable the fragment insertion that was added in 0.9.6d (where it was always enabled). Versions up to 0.9.6c do not include the countermeasure.

=== SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ===

Added in 0.9.8m.

=== SSL_OP_LEGACY_SERVER_CONNECT ===

Added in 0.9.8m.

List of SSL OP Flags

2017-12-12T18:34:56Z

Tmshort: /* Historical Options and Notes */

This page lists all the SSL_OP flags available in OpenSSL. These values are passed to the SSL_CTX_set_options(), SSL_CTX_clear_options() functions and returned by the SSL_CTX_get_options() function (and corresponding SSL-equivalents).

Options with a value of 0 have no effect.

== Table of Options ==

{| class="wikitable"
! Option Name !! SSL_OP_ALL !! Description !! 1.0.2 value !! 1.1.0 value !! 1.1.1 value
|-
| SSL_OP_MICROSOFT_SESS_ID_BUG || Yes || No effect. || 0x00000001 || 0 || 0**
|-
| SSL_OP_NETSCAPE_CHALLENGE_BUG || Yes || No effect. || 0x00000002 || 0 || 0**
|-
| SSL_OP_LEGACY_SERVER_CONNECT || Yes || Allow legacy insecure renegotiation between OpenSSL and unpatched servers only. || 0x00000004 || 0x00000004 || 0x00000004U
|-
| SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG || Yes || No effect. || 0x00000008 || 0 || 0**
|-
| SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG || || No effect. || 0 || Not defined || Not defined
|-
| SSL_OP_TLSEXT_PADDING || Yes || Adds a padding extension to ensure the ClientHello size is never between 256 and 511 bytes in length. || 0x00000010 || 0x00000010 || 0x00000010U
|-
| SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER || Yes || Accept large records (18K+) from Microsoft servers/clients. || 0x00000020 || 0 || 0**
|-
| SSL_OP_SAFARI_ECDHE_ECDSA_BUG || Yes || Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8...10.8.3 has broken support for ECDHE-ECDSA ciphers. || 0x00000040 || 0x00000040 || 0x00000040U
|-
| SSL_OP_MSIE_SSLV2_RSA_PADDING || || No effect.|| 0 || 0 || 0
|-
| SSL_OP_SSLEAY_080_CLIENT_DH_BUG || Yes || Allow invalid client DH parameters during client key exchange. || 0x00000080 || 0 || 0**
|-
| SSL_OP_TLS_D5_BUG || Yes || Allow invalid RSA encrypted length from client during client key exchange. || 0x00000100 || 0 || 0**
|-
| SSL_OP_TLS_BLOCK_PADDING_BUG || Yes || Compensate for incorrect padding. || 0x00000200 || 0 || 0**
|-
| SSL_OP_ALLOW_NO_DHE_KEX || || In TLSv1.3 allow a non-(EC)DHE-based key exchange mode || Not defined || Not defined || 0x00000400U
|-
| SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS || Yes || Disables a counter-measure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken (Microsoft) SSL implementations.|| 0x00000800 || 0x00000800 || 0x00000800U
|-
| SSL_OP_NO_QUERY_MTU || || DTLS PMTU option. || 0x00001000 || 0x00001000 || 0x00001000U
|-
| SSL_OP_COOKIE_EXCHANGE || || Turn on Cookie Exchange (on relevant for servers). || 0x00002000 || 0x00002000 || 0x00002000U
|-
| SSL_OP_NO_TICKET || || Don't use RFC4507 ticket extension. || 0x00004000 || 0x00004000 || 0x00004000U
|-
| SSL_OP_CISCO_ANYCONNECT || || Use Cisco's "speshul" version of DTLS_BAD_VER (as client). || 0x00008000 || 0x00008000 || 0x00008000U
|-
| SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION || || As server, disallow session resumption on renegotiation. || 0x00010000 || 0x00010000 || 0x00010000U
|-
| SSL_OP_NO_COMPRESSION || || Don't use compression even if supported. || 0x00020000 || 0x00020000 || 0x00020000U
|-
| SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION || || Permit unsafe legacy renegotiation. || 0x00040000 || 0x00040000 || 0x00040000U
|-
| SSL_OP_SINGLE_ECDH_USE || || If set, always create a new key when using tmp_ecdh parameters. || 0x00080000 || 0 || 0
|-
| SSL_OP_NO_ENCRYPT_THEN MAC || || Disable encrypt-then-MAC || Not defined || Not defined || 0x00080000U
|-
| SSL_OP_SINGLE_DH_USE || || If set, always create a new key when using tmp_dh parameters (In recent 1.0.2, does nothing: retained for compatibility). || 0x00100000 || 0 || 0
|-
| SSL_OP_EPHEMERAL_RSA || || No effect. || 0 || 0 || 0
|-
| SSL_OP_PRIORITIZE_CHACHA || || Prioritize ChaCha20Poly1305 on servers when client does. || Not defined || Not defined || 0x00200000U
|-
| SSL_OP_CIPHER_SERVER_PREFERENCE || || Set on servers to choose the cipher according to the server's preferences || 0x00400000 || 0x00400000 || 0x00400000U
|-
| SSL_OP_TLS_ROLLBACK_BUG || || Allow a client to specify SSLv3.0 in the pre-master secret even if TLSv1.0 was specified in the ClientHello. || 0x00800000 || 0x00800000 || 0x00800000U
|-
| SSL_OP_NO_SSLv2 || || Disable SSLv2. || 0x01000000 || 0 || 0
|-
| SSL_OP_NO_SSLv3 || || Disable SSLv3. || 0x02000000 || 0x02000000 || 0x02000000U
|-
| SSL_OP_NO_TLSv1/SSL_OP_NO_DTLSv1 || || Disable TLSv1/DTLSv1. || 0x04000000 || 0x04000000 || 0x04000000U
|-
| SSL_OP_NO_TLSv1_2/SSL_OP_NO_DTLSv1_2 || || Disable TLSv1.2/DTLSv1.2. || 0x08000000 || 0x08000000 || 0x08000000U
|-
| SSL_OP_NO_TLSv1_1 || || Disable TLSv1.1. || 0x10000000 || 0x10000000 || 0x10000000U
|-
| SSL_OP_NETSCAPE_CA_DN_BUG || || || 0x20000000 || 0 || 0
|-
| SSL_OP_NO_TLSv1_3 || || Diable TLSv1.3 || Not defined || Not defined || 0x20000000U
|-
| SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG || || || 0x40000000 || 0 || 0
|-
| SSL_OP_NO_RENEGOTIATION || || Disallow all renegotiation || Not defined || Not defined || 0x40000000U
|-
| SSL_OP_CRYPTOPRO_TLSEXT_BUG || Yes || Adds a ServerHello TLSEXT when using a GOST cipher. || 0x80000000 || 0x80000000 || 0x80000000U
|-
| SSL_OP_PKCS1_CHECK_1 || || No effect. || 0 || 0 || 0
|-
| SSL_OP_PKCS1_CHECK_2 || || No effect. || 0 || 0 || 0
|-
| SSL_OP_NO_SSL_MASK || || SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3 || 0x1F000000 || 0x1E000000 || 0x3E000000U
|-
| SSL_OP_ALL || Yes || Default set of options. || 0x80000BFF || 0x80000BFF || 0x80000854U
|}

== SSL_OP_ALL ==

In OpenSSL 1.1.1, the SSL_OP_ALL option changed value. This means that 1.1.0 and 1.1.1, although ABI compatible, have different values for default enabled options. The result of this is that several option bits marked by ** cannot be re-assigned until 1.2.0.

As of 1.1.0, these options are enabled by default via SSL_OP_ALL:

* SSL_OP_CRYPTOPRO_TLSEXT_BUG
* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
* SSL_OP_LEGACY_SERVER_CONNECT
* SSL_OP_TLSEXT_PADDING
* SSL_OP_SAFARI_ECDHE_ECDSA_BUG)

== Protocol Version Options ==

The following options control the protocols enabled on an SSL or SSL_CTX:

* SSL_OP_NO_SSLv2
* SSL_OP_NO_SSLv3
* SSL_OP_NO_TLSv1
* SSL_OP_NO_TLSv1_1
* SSL_OP_NO_TLSv1_2
* SSL_OP_NO_TLSv1_3
* SSL_OP_NO_DTLSv1
* SSL_OP_NO_DTLSv1_2

These options are deprecated as of 1.1.0, use SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() instead.

== Historical Options and Notes ==

=== SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ===

This option does nothing, but was retained for compatibility. In 1.0.1 this option had a value of 0x00000010, but that was taken over by SSL_OP_TLS_PADDING in 1.0.2; this option's value was changed to 0 in 1.0.2. It was included in SSL_OP_ALL. The defintion was removed from 1.1.0.

=== SSL_OP_MSIE_SSLV2_RSA_PADDING ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00000040; this option's value was changed to 0 in 1.0.2.

=== SSL_OP_SINGLE_DH_USE ===

If set, always create a new key when using tmp_dh parameters. As of 1.0.2f single-DH key use is always on, and this option does nothing, and is retained for compatibility.

=== SSL_OP_EPHEMERAL_RSA ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00200000; this option's value was changed to 0 in 1.0.2. This option always used the tmp_rsa key when doing RSA operations, even when this violated protocol specs.

=== SSL_OP_PRIORITIZE_CHACHA ===

This option has no effect if SSL_OP_CIPHER_SERVER_PREFERENCE is not enabled.

=== SSL_OP_TLS_ROLLBACK_BUG ===

This option had a value of 0x00000400 in 0.9.6. If set, a server will allow a client to issue a SSLv3.0 version number as latest version supported in the premaster secret, even when TLSv1.0 (version 3.1) was announced in the client hello. Normally this is forbidden to prevent version rollback attacks.

Added in 0.9.6 and was automatically enabled via SSL_OP_ALL. In 0.9.7, it was removed from SSL_OP_ALL and must be explicitly set.

=== SSL_OP_PKCS1_CHECK_1 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x08000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

=== SSL_OP_PKCS1_CHECK_2 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x10000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

=== SSL_OP_CIPHER_SERVER_PREFERENCE ===

Added in 0.9.7.

=== SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION ===

Added in 0.9.7.

=== SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS ===

Added in 0.9.6e to disable the fragment insertion that was added in 0.9.6d (where it was always enabled). Versions up to 0.9.6c do not include the countermeasure.

=== SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ===

Added in 0.9.8m.

=== SSL_OP_LEGACY_SERVER_CONNECT ===

Added in 0.9.8m.

Main Page

2017-12-12T18:28:46Z

Tmshort: /* Usage and Programming */

This is the OpenSSL wiki. The main site is https://www.openssl.org . If this is your first visit or to get an account please see the [[Welcome]] page. Your participation and [[Contributions]] are valued.

This wiki is intended as a place for collecting, organizing, and refining useful information about OpenSSL that is currently strewn among multiple locations and formats.

== OpenSSL Quick Links ==

<TABLE border=0>
<TR>
<TD>[[OpenSSL Overview]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Compilation and Installation]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Internals]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Mailing Lists]] </TD>
</TR>
<TR>
<TD>[[libcrypto API]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[libssl API]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Examples]] </TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Documentation Index|Index of all API functions]]</TD>
</TR>
<TR>
<TD>[[License]] </TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Command Line Utilities]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Related Links]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Binaries]]</TD>
</TR>
<TR>
<TD>[[SSL and TLS Protocols]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[1.1 API Changes]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[FIPS modules]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
</TR>
</TABLE>

== Administrivia ==
Site guidelines, legal and admininstrative issues.
:* [[Basic rules]], [[Commercial Product Disclaimer]], [[Contributions]], [[Copyright]], [[License]]
:* Using This Wiki
:: [http://meta.wikimedia.org/wiki/Help:Contents Wiki User's Guide], [http://www.mediawiki.org/wiki/Manual:Configuration_settings Configuration settings list], [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ], [https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce MediaWiki Mailing List]

== Reference ==
This section contains the automagically generated man pages from the OpenSSL git repository, and similar "man" style reference documentation. The man pages are automatically imported from the OpenSSL git repository and local wiki modifications are submitted as patches.
:* OpenSSL Manual Pages
::* [[Manual:Openssl(1)]], [[Manual:Ssl(3)]], [[Manual:Crypto(3)]], [[Documentation Index]]
:: If you wish to edit any of the Manual page content please refer to the [[Guidelines for Manual Page Authors]] page.
:* [[API]], [[Libcrypto API]], [[Libssl API]]
:* [[FIPS mode()]], [[FIPS_mode_set()]]

== Usage and Programming ==
This section has discussions of practical issues in using OpenSSL
:* Building from Source
:: Where to find it, the different versions, how to build and install it.
:* [[OpenSSL Overview]]
:* [[Versioning]]
:* [[Compilation and Installation]]
:* [[EVP]]
:: Programming techniques and example code
:: Use of EVP is preferred for most applications and circumstances
::* [[EVP Asymmetric Encryption and Decryption of an Envelope]]
::* [[EVP Authenticated Encryption and Decryption]]
::* [[EVP Symmetric Encryption and Decryption]]
::* [[EVP Key and Parameter Generation]]
::* [[EVP Key Agreement]]
::* [[EVP Message Digests]]
::* [[EVP Key Derivation]]
::* [[EVP Signing and Verifying|EVP Signing and Verifying (including MAC codes)]]
:* [[STACK API]]
:* [[List of SSL OP Flags]]
:* Low Level APIs
::[[Creating an OpenSSL Engine to use indigenous ECDH ECDSA and HASH Algorithms]]
:: More specialized non-EVP usage
::* [[Diffie-Hellman parameters]]
:* [[FIPS Mode]]
:* [[Simple TLS Server]]

== Concepts and Theory ==
Discussions of basic cryptographic theory and concepts
Discussions of common operational issues
:* [[Base64]]
:* [http://wiki.openssl.org/index.php/Category:FIPS_140 FIPS 140-2]
:* [[Random Numbers]]
:* [[Diffie Hellman]]
:* [[Elliptic Curve Diffie Hellman]]
:* [[Elliptic Curve Cryptography]]

== Security Advisories ==
:* [https://www.openssl.org/policies/secpolicy.html OpenSSL Security Policy]
:* [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]
:* [[Security_Advisories|Security Advisories Additional Information]]

== Feedback and Contributions ==
:* [https://www.openssl.org/support/faq.html#BUILD18 How to notify us of suspected security vulnerabilities]
:* [https://www.openssl.org/community/#bugs How to report bugs, other than for suspected vulnerabilities]
:* [[Contributions|General background on source and documentation contributions - '''must read''']]
:* Contributing code fixes, other than for suspected vulnerabilities, as well as fixes and other improvements to manual pages:
::* If you are unsure as to whether a feature will be useful for the general OpenSSL community please discuss it on the [https://www.openssl.org/support/community.html openssl-dev mailing list] first. Someone may be already working on the same thing or there may be a good reason as to why that feature isn't implemented.
::* Follow the [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|instructions for accessing source code]] in the appropriate branches. Note that manual pages and the FAQ are maintained with the source code.
::* Submit a pull request for each separate fix (also documented [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|there]])
::* Submit a bug report (see second bullet, above) and reference the pull request. Or you can attach the patch to the ticket.
:* Contributing fixes and other improvements to the web site
::* Follow the [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|instructions for accessing web site sources]]
::* Create a patch (also documented [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|there]])
::* Submit a bug report and add the patch as an attachment
:* [[Developing For OpenSSL]]
:* [[KnownPatches|Known patches not part of OpenSSL]]
:* [[Welcome|Contributing to this wiki]]

== Internals and Development ==
This section is for internal details of primary interest to OpenSSL maintainers and power users
:* [[Code reformatting]]

:* [[Internals]]
:* [[Code Quality]]
:* [[Static and Dynamic Analysis]]
:* [[OCB|OCB Licence details]]
:* [[Defect and Feature Review Process]]
:* [[Unit Testing]] (includes other automated testing information)
:* [[How to Integrate a Symmetric Cipher]]

List of SSL OP Flags

2017-12-12T16:17:52Z

Tmshort: /* Table of Options */

This page lists all the SSL_OP flags available in OpenSSL. These values are passed to the SSL_CTX_set_options(), SSL_CTX_clear_options() functions and returned by the SSL_CTX_get_options() function (and corresponding SSL-equivalents).

Options with a value of 0 have no effect.

== Table of Options ==

{| class="wikitable"
! Option Name !! SSL_OP_ALL !! Description !! 1.0.2 value !! 1.1.0 value !! 1.1.1 value
|-
| SSL_OP_MICROSOFT_SESS_ID_BUG || Yes || No effect. || 0x00000001 || 0 || 0**
|-
| SSL_OP_NETSCAPE_CHALLENGE_BUG || Yes || No effect. || 0x00000002 || 0 || 0**
|-
| SSL_OP_LEGACY_SERVER_CONNECT || Yes || Allow legacy insecure renegotiation between OpenSSL and unpatched servers only. || 0x00000004 || 0x00000004 || 0x00000004U
|-
| SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG || Yes || No effect. || 0x00000008 || 0 || 0**
|-
| SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG || || No effect. || 0 || Not defined || Not defined
|-
| SSL_OP_TLSEXT_PADDING || Yes || Adds a padding extension to ensure the ClientHello size is never between 256 and 511 bytes in length. || 0x00000010 || 0x00000010 || 0x00000010U
|-
| SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER || Yes || Accept large records (18K+) from Microsoft servers/clients. || 0x00000020 || 0 || 0**
|-
| SSL_OP_SAFARI_ECDHE_ECDSA_BUG || Yes || Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8...10.8.3 has broken support for ECDHE-ECDSA ciphers. || 0x00000040 || 0x00000040 || 0x00000040U
|-
| SSL_OP_MSIE_SSLV2_RSA_PADDING || || No effect.|| 0 || 0 || 0
|-
| SSL_OP_SSLEAY_080_CLIENT_DH_BUG || Yes || Allow invalid client DH parameters during client key exchange. || 0x00000080 || 0 || 0**
|-
| SSL_OP_TLS_D5_BUG || Yes || Allow invalid RSA encrypted length from client during client key exchange. || 0x00000100 || 0 || 0**
|-
| SSL_OP_TLS_BLOCK_PADDING_BUG || Yes || Compensate for incorrect padding. || 0x00000200 || 0 || 0**
|-
| SSL_OP_ALLOW_NO_DHE_KEX || || In TLSv1.3 allow a non-(EC)DHE-based key exchange mode || Not defined || Not defined || 0x00000400U
|-
| SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS || Yes || Disables a counter-measure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken (Microsoft) SSL implementations.|| 0x00000800 || 0x00000800 || 0x00000800U
|-
| SSL_OP_NO_QUERY_MTU || || DTLS PMTU option. || 0x00001000 || 0x00001000 || 0x00001000U
|-
| SSL_OP_COOKIE_EXCHANGE || || Turn on Cookie Exchange (on relevant for servers). || 0x00002000 || 0x00002000 || 0x00002000U
|-
| SSL_OP_NO_TICKET || || Don't use RFC4507 ticket extension. || 0x00004000 || 0x00004000 || 0x00004000U
|-
| SSL_OP_CISCO_ANYCONNECT || || Use Cisco's "speshul" version of DTLS_BAD_VER (as client). || 0x00008000 || 0x00008000 || 0x00008000U
|-
| SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION || || As server, disallow session resumption on renegotiation. || 0x00010000 || 0x00010000 || 0x00010000U
|-
| SSL_OP_NO_COMPRESSION || || Don't use compression even if supported. || 0x00020000 || 0x00020000 || 0x00020000U
|-
| SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION || || Permit unsafe legacy renegotiation. || 0x00040000 || 0x00040000 || 0x00040000U
|-
| SSL_OP_SINGLE_ECDH_USE || || If set, always create a new key when using tmp_ecdh parameters. || 0x00080000 || 0 || 0
|-
| SSL_OP_NO_ENCRYPT_THEN MAC || || Disable encrypt-then-MAC || Not defined || Not defined || 0x00080000U
|-
| SSL_OP_SINGLE_DH_USE || || If set, always create a new key when using tmp_dh parameters (In recent 1.0.2, does nothing: retained for compatibility). || 0x00100000 || 0 || 0
|-
| SSL_OP_EPHEMERAL_RSA || || No effect. || 0 || 0 || 0
|-
| SSL_OP_PRIORITIZE_CHACHA || || Prioritize ChaCha20Poly1305 on servers when client does. || Not defined || Not defined || 0x00200000U
|-
| SSL_OP_CIPHER_SERVER_PREFERENCE || || Set on servers to choose the cipher according to the server's preferences || 0x00400000 || 0x00400000 || 0x00400000U
|-
| SSL_OP_TLS_ROLLBACK_BUG || || Allow a client to specify SSLv3.0 in the pre-master secret even if TLSv1.0 was specified in the ClientHello. || 0x00800000 || 0x00800000 || 0x00800000U
|-
| SSL_OP_NO_SSLv2 || || Disable SSLv2. || 0x01000000 || 0 || 0
|-
| SSL_OP_NO_SSLv3 || || Disable SSLv3. || 0x02000000 || 0x02000000 || 0x02000000U
|-
| SSL_OP_NO_TLSv1/SSL_OP_NO_DTLSv1 || || Disable TLSv1/DTLSv1. || 0x04000000 || 0x04000000 || 0x04000000U
|-
| SSL_OP_NO_TLSv1_2/SSL_OP_NO_DTLSv1_2 || || Disable TLSv1.2/DTLSv1.2. || 0x08000000 || 0x08000000 || 0x08000000U
|-
| SSL_OP_NO_TLSv1_1 || || Disable TLSv1.1. || 0x10000000 || 0x10000000 || 0x10000000U
|-
| SSL_OP_NETSCAPE_CA_DN_BUG || || || 0x20000000 || 0 || 0
|-
| SSL_OP_NO_TLSv1_3 || || Diable TLSv1.3 || Not defined || Not defined || 0x20000000U
|-
| SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG || || || 0x40000000 || 0 || 0
|-
| SSL_OP_NO_RENEGOTIATION || || Disallow all renegotiation || Not defined || Not defined || 0x40000000U
|-
| SSL_OP_CRYPTOPRO_TLSEXT_BUG || Yes || Adds a ServerHello TLSEXT when using a GOST cipher. || 0x80000000 || 0x80000000 || 0x80000000U
|-
| SSL_OP_PKCS1_CHECK_1 || || No effect. || 0 || 0 || 0
|-
| SSL_OP_PKCS1_CHECK_2 || || No effect. || 0 || 0 || 0
|-
| SSL_OP_NO_SSL_MASK || || SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3 || 0x1F000000 || 0x1E000000 || 0x3E000000U
|-
| SSL_OP_ALL || Yes || Default set of options. || 0x80000BFF || 0x80000BFF || 0x80000854U
|}

== SSL_OP_ALL ==

In OpenSSL 1.1.1, the SSL_OP_ALL option changed value. This means that 1.1.0 and 1.1.1, although ABI compatible, have different values for default enabled options. The result of this is that several option bits marked by ** cannot be re-assigned until 1.2.0.

As of 1.1.0, these options are enabled by default via SSL_OP_ALL:

* SSL_OP_CRYPTOPRO_TLSEXT_BUG
* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
* SSL_OP_LEGACY_SERVER_CONNECT
* SSL_OP_TLSEXT_PADDING
* SSL_OP_SAFARI_ECDHE_ECDSA_BUG)

== Protocol Version Options ==

The following options control the protocols enabled on an SSL or SSL_CTX:

* SSL_OP_NO_SSLv2
* SSL_OP_NO_SSLv3
* SSL_OP_NO_TLSv1
* SSL_OP_NO_TLSv1_1
* SSL_OP_NO_TLSv1_2
* SSL_OP_NO_TLSv1_3
* SSL_OP_NO_DTLSv1
* SSL_OP_NO_DTLSv1_2

These options are deprecated as of 1.1.0, use SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() instead.

== Historical Options and Notes ==

=== SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ===

This option does nothing, but was retained for compatibility. In 1.0.1 this option had a value of 0x00000010, but that was taken over by SSL_OP_TLS_PADDING in 1.0.2; this option's value was changed to 0 in 1.0.2. It was included in SSL_OP_ALL. The defintion was removed from 1.1.0.

=== SSL_OP_MSIE_SSLV2_RSA_PADDING ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00000040; this option's value was changed to 0 in 1.0.2.

=== SSL_OP_SINGLE_DH_USE ===

If set, always create a new key when using tmp_dh parameters. As of 1.0.2f single-DH key use is always on, and this option does nothing, and is retained for compatibility.

=== SSL_OP_EPHEMERAL_RSA ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00200000; this option's value was changed to 0 in 1.0.2. This option always used the tmp_rsa key when doing RSA operations, even when this violated protocol specs.

=== SSL_OP_PRIORITIZE_CHACHA ===

This option has no effect if SSL_OP_CIPHER_SERVER_PREFERENCE is not enabled.

=== SSL_OP_TLS_ROLLBACK_BUG ===

This option had a value of 0x00000400 in 0.9.6. If set, a server will allow a client to issue a SSLv3.0 version number as latest version supported in the premaster secret, even when TLSv1.0 (version 3.1) was announced in the client hello. Normally this is forbidden to prevent version rollback attacks.

=== SSL_OP_PKCS1_CHECK_1 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x08000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

=== SSL_OP_PKCS1_CHECK_2 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x10000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

List of SSL OP Flags

2017-12-12T16:15:45Z

Tmshort: Initial page

This page lists all the SSL_OP flags available in OpenSSL. These values are passed to the SSL_CTX_set_options(), SSL_CTX_clear_options() functions and returned by the SSL_CTX_get_options() function (and corresponding SSL-equivalents).

Options with a value of 0 have no effect.

== Table of Options ==

{| class="wikitable"
! Option Name !! SSL_OP_ALL !! Description !! 1.0.2 value !! 1.1.0 value !! 1.1.1 value
|-
| SSL_OP_MICROSOFT_SESS_ID_BUG || Yes || No effect. || 0x00000001 || 0 || 0**
|-
| SSL_OP_NETSCAPE_CHALLENGE_BUG || Yes || No effect. || 0x00000002 || 0 || 0**
|-
| SSL_OP_LEGACY_SERVER_CONNECT || Yes || Allow legacy insecure renegotiation between OpenSSL and unpatched servers only. || 0x00000004 || 0x00000004 || 0x00000004U
|-
| SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG || Yes || No effect. || 0x00000008 || 0 || 0**
|-
| SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG || || No effect. || 0 || Not defined || Not defined
|-
| SSL_OP_TLSEXT_PADDING || Yes || Adds a padding extension to ensure the ClientHello size is never between 256 and 511 bytes in length. || 0x00000010 || 0x00000010 || 0x00000010U
|-
| SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER || Yes || Accept large records (18K+) from Microsoft servers/clients. || 0x00000020 || 0 || 0**
|-
| SSL_OP_SAFARI_ECDHE_ECDSA_BUG || Yes || Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8...10.8.3 has broken support for ECDHE-ECDSA ciphers. || 0x00000040 || 0x00000040 || 0x00000040U
|-
| SSL_OP_MSIE_SSLV2_RSA_PADDING || || No effect.|| 0 || 0 || 0
|-
| SSL_OP_SSLEAY_080_CLIENT_DH_BUG || Yes || Allow invalid client DH parameters during client key exchange. || 0x00000080 || 0 || 0**
|-
| SSL_OP_TLS_D5_BUG || Yes || Allow invalid RSA encrypted length from client during client key exchange. || 0x00000100 || 0 || 0**
|-
| SSL_OP_TLS_BLOCK_PADDING_BUG || Yes || Compensate for incorrect padding. || 0x00000200 || 0 || 0**
|-
| SSL_OP_ALLOW_NO_DHE_KEX || || In TLSv1.3 allow a non-(EC)DHE-based key exchange mode || Not defined || Not defined || 0x00000400U
|-
| SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS || Yes || Disables a counter-measure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken (Microsoft) SSL implementations.|| 0x00000800 || 0x00000800 || 0x00000800U
|-
| SSL_OP_NO_QUERY_MTU || || DTLS PMTU option. || 0x00001000 || 0x00001000 || 0x00001000U
|-
| SSL_OP_COOKIE_EXCHANGE || || Turn on Cookie Exchange (on relevant for servers). || 0x00002000 || 0x00002000 || 0x00002000U
|-
| SSL_OP_NO_TICKET || || Don't use RFC4507 ticket extension. || 0x00004000 || 0x00004000 || 0x00004000U
|-
| SSL_OP_CISCO_ANYCONNECT || || Use Cisco's "speshul" version of DTLS_BAD_VER (as client). || 0x00008000 || 0x00008000 || 0x00008000U
|-
| SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION || || As server, disallow session resumption on renegotiation. || 0x00010000 || 0x00010000 || 0x00010000U
|-
| SSL_OP_NO_COMPRESSION || || Don't use compression even if supported. || 0x00020000 || 0x00020000 || 0x00020000U
|-
| SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION || || Permit unsafe legacy renegotiation. || 0x00040000 || 0x00040000 || 0x00040000U
|-
| SSL_OP_SINGLE_ECDH_USE || || If set, always create a new key when using tmp_ecdh parameters. || 0x00080000 || 0 || 0
|-
| SSL_OP_NO_ENCRYPT_THEN MAC || || Disable encrypt-then-MAC || Not defined || Not defined || 0x00080000U
|-
| SSL_OP_SINGLE_DH_USE || || If set, always create a new key when using tmp_dh parameters (In recent 1.0.2, does nothing: retained for compatibility). || 0x00100000 || 0 || 0
|-
| SSL_OP_EPHEMERAL_RSA || || No effect. || 0 || 0 || 0
|-
| SSL_OP_PRIORITIZE_CHACHA || || Prioritize ChaCha20Poly1305 on servers when client does. || Not defined || Not defined || 0x00200000U
|-
| SSL_OP_CIPHER_SERVER_PREFERENCE || || Set on servers to choose the cipher according to the server's preferences || 0x00400000 || 0x00400000 || 0x00400000U
|-
| SSL_OP_TLS_ROLLBACK_BUG || || Allow a client to specify SSLv3.0 in the pre-master secret even if TLSv1.0 was specified in the ClientHello. || 0x00800000 || 0x00800000 || 0x00800000U
|-
| SSL_OP_NO_SSLv2 || || Disable SSLv2. || 0x01000000 || 0 || 0
|-
| SSL_OP_NO_SSLv3 || || Disable SSLv3. || 0x02000000 || 0x02000000 || 0x02000000U
|-
| SSL_OP_NO_TLSv1/SSL_OP_NO_DTLSv1 || || Disable TLSv1/DTLSv1. || 0x04000000 || 0x04000000 || 0x04000000U
|-
| SSL_OP_NO_TLSv1_2/SSL_OP_NO_DTLSv1_2 || || Disable TLSv1.2/DTLSv1.2. || 0x08000000 || 0x08000000 || 0x08000000U
|-
| SSL_OP_NO_TLSv1_1 || || Disable TLSv1.1. || 0x10000000 || 0x10000000 || 0x10000000U
|-
| SSL_OP_NETSCAPE_CA_DN_BUG || || || 0x20000000 || 0 || 0
|-
| SSL_OP_NO_TLSv1_3 || || Diable TLSv1.3 || Not defined || Not defined || 0x20000000U
|-
| SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG || || || 0x40000000 || 0 || 0
|-
| SSL_OP_NO_RENEGOTIATION || || Disallow all renegotiation || Not defined || Not defined || 0x40000000U
|-
| SSL_OP_CRYPTOPRO_TLSEXT_BUG || Yes || Adds a ServerHello TLSEXT when using a GOST cipher. || 0x80000000 || 0x80000000 || 0x80000000U
|-
| SSL_OP_PKCS1_CHECK_1 || || No effect. || 0 || 0 || 0
|-
| SSL_OP_PKCS1_CHECK_2 || || No effect. || 0 || 0 || 0
|-
| SSL_OP_NO_SSL_MASK || || SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2 || 0x1F000000 || 0x1E000000 || 0x3E000000U
|-
| SSL_OP_ALL || Yes || Default set of options. || 0x80000BFF || 0x80000BFF || 0x80000854U
|}

== SSL_OP_ALL ==

In OpenSSL 1.1.1, the SSL_OP_ALL option changed value. This means that 1.1.0 and 1.1.1, although ABI compatible, have different values for default enabled options. The result of this is that several option bits marked by ** cannot be re-assigned until 1.2.0.

As of 1.1.0, these options are enabled by default via SSL_OP_ALL:

* SSL_OP_CRYPTOPRO_TLSEXT_BUG
* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
* SSL_OP_LEGACY_SERVER_CONNECT
* SSL_OP_TLSEXT_PADDING
* SSL_OP_SAFARI_ECDHE_ECDSA_BUG)

== Protocol Version Options ==

The following options control the protocols enabled on an SSL or SSL_CTX:

* SSL_OP_NO_SSLv2
* SSL_OP_NO_SSLv3
* SSL_OP_NO_TLSv1
* SSL_OP_NO_TLSv1_1
* SSL_OP_NO_TLSv1_2
* SSL_OP_NO_TLSv1_3
* SSL_OP_NO_DTLSv1
* SSL_OP_NO_DTLSv1_2

These options are deprecated as of 1.1.0, use SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() instead.

== Historical Options and Notes ==

=== SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ===

This option does nothing, but was retained for compatibility. In 1.0.1 this option had a value of 0x00000010, but that was taken over by SSL_OP_TLS_PADDING in 1.0.2; this option's value was changed to 0 in 1.0.2. It was included in SSL_OP_ALL. The defintion was removed from 1.1.0.

=== SSL_OP_MSIE_SSLV2_RSA_PADDING ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00000040; this option's value was changed to 0 in 1.0.2.

=== SSL_OP_SINGLE_DH_USE ===

If set, always create a new key when using tmp_dh parameters. As of 1.0.2f single-DH key use is always on, and this option does nothing, and is retained for compatibility.

=== SSL_OP_EPHEMERAL_RSA ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00200000; this option's value was changed to 0 in 1.0.2. This option always used the tmp_rsa key when doing RSA operations, even when this violated protocol specs.

=== SSL_OP_PRIORITIZE_CHACHA ===

This option has no effect if SSL_OP_CIPHER_SERVER_PREFERENCE is not enabled.

=== SSL_OP_TLS_ROLLBACK_BUG ===

This option had a value of 0x00000400 in 0.9.6. If set, a server will allow a client to issue a SSLv3.0 version number as latest version supported in the premaster secret, even when TLSv1.0 (version 3.1) was announced in the client hello. Normally this is forbidden to prevent version rollback attacks.

=== SSL_OP_PKCS1_CHECK_1 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x08000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

=== SSL_OP_PKCS1_CHECK_2 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x10000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.