Tmshort: Update for 3.0

2021-08-05T20:51:02Z

Update for 3.0

Show changes

Tmshort at 14:21, 29 July 2019

2019-07-29T14:21:20Z

Tmshort: /* Historical Options and Notes */

2017-12-12T18:34:56Z

Historical Options and Notes

Tmshort: /* Table of Options */

2017-12-12T16:17:52Z

Table of Options

Tmshort: Initial page

2017-12-12T16:15:45Z

Initial page

New page

This page lists all the SSL_OP flags available in OpenSSL. These values are passed to the SSL_CTX_set_options(), SSL_CTX_clear_options() functions and returned by the SSL_CTX_get_options() function (and corresponding SSL-equivalents).

Options with a value of 0 have no effect.

== Table of Options ==

{| class="wikitable"
! Option Name !! SSL_OP_ALL !! Description !! 1.0.2 value !! 1.1.0 value !! 1.1.1 value
|-
| SSL_OP_MICROSOFT_SESS_ID_BUG || Yes || No effect. || 0x00000001 || 0 || 0**
|-
| SSL_OP_NETSCAPE_CHALLENGE_BUG || Yes || No effect. || 0x00000002 || 0 || 0**
|-
| SSL_OP_LEGACY_SERVER_CONNECT || Yes || Allow legacy insecure renegotiation between OpenSSL and unpatched servers only. || 0x00000004 || 0x00000004 || 0x00000004U
|-
| SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG || Yes || No effect. || 0x00000008 || 0 || 0**
|-
| SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG || || No effect. || 0 || Not defined || Not defined
|-
| SSL_OP_TLSEXT_PADDING || Yes || Adds a padding extension to ensure the ClientHello size is never between 256 and 511 bytes in length. || 0x00000010 || 0x00000010 || 0x00000010U
|-
| SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER || Yes || Accept large records (18K+) from Microsoft servers/clients. || 0x00000020 || 0 || 0**
|-
| SSL_OP_SAFARI_ECDHE_ECDSA_BUG || Yes || Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8...10.8.3 has broken support for ECDHE-ECDSA ciphers. || 0x00000040 || 0x00000040 || 0x00000040U
|-
| SSL_OP_MSIE_SSLV2_RSA_PADDING || || No effect.|| 0 || 0 || 0
|-
| SSL_OP_SSLEAY_080_CLIENT_DH_BUG || Yes || Allow invalid client DH parameters during client key exchange. || 0x00000080 || 0 || 0**
|-
| SSL_OP_TLS_D5_BUG || Yes || Allow invalid RSA encrypted length from client during client key exchange. || 0x00000100 || 0 || 0**
|-
| SSL_OP_TLS_BLOCK_PADDING_BUG || Yes || Compensate for incorrect padding. || 0x00000200 || 0 || 0**
|-
| SSL_OP_ALLOW_NO_DHE_KEX || || In TLSv1.3 allow a non-(EC)DHE-based key exchange mode || Not defined || Not defined || 0x00000400U
|-
| SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS || Yes || Disables a counter-measure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken (Microsoft) SSL implementations.|| 0x00000800 || 0x00000800 || 0x00000800U
|-
| SSL_OP_NO_QUERY_MTU || || DTLS PMTU option. || 0x00001000 || 0x00001000 || 0x00001000U
|-
| SSL_OP_COOKIE_EXCHANGE || || Turn on Cookie Exchange (on relevant for servers). || 0x00002000 || 0x00002000 || 0x00002000U
|-
| SSL_OP_NO_TICKET || || Don't use RFC4507 ticket extension. || 0x00004000 || 0x00004000 || 0x00004000U
|-
| SSL_OP_CISCO_ANYCONNECT || || Use Cisco's "speshul" version of DTLS_BAD_VER (as client). || 0x00008000 || 0x00008000 || 0x00008000U
|-
| SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION || || As server, disallow session resumption on renegotiation. || 0x00010000 || 0x00010000 || 0x00010000U
|-
| SSL_OP_NO_COMPRESSION || || Don't use compression even if supported. || 0x00020000 || 0x00020000 || 0x00020000U
|-
| SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION || || Permit unsafe legacy renegotiation. || 0x00040000 || 0x00040000 || 0x00040000U
|-
| SSL_OP_SINGLE_ECDH_USE || || If set, always create a new key when using tmp_ecdh parameters. || 0x00080000 || 0 || 0
|-
| SSL_OP_NO_ENCRYPT_THEN MAC || || Disable encrypt-then-MAC || Not defined || Not defined || 0x00080000U
|-
| SSL_OP_SINGLE_DH_USE || || If set, always create a new key when using tmp_dh parameters (In recent 1.0.2, does nothing: retained for compatibility). || 0x00100000 || 0 || 0
|-
| SSL_OP_EPHEMERAL_RSA || || No effect. || 0 || 0 || 0
|-
| SSL_OP_PRIORITIZE_CHACHA || || Prioritize ChaCha20Poly1305 on servers when client does. || Not defined || Not defined || 0x00200000U
|-
| SSL_OP_CIPHER_SERVER_PREFERENCE || || Set on servers to choose the cipher according to the server's preferences || 0x00400000 || 0x00400000 || 0x00400000U
|-
| SSL_OP_TLS_ROLLBACK_BUG || || Allow a client to specify SSLv3.0 in the pre-master secret even if TLSv1.0 was specified in the ClientHello. || 0x00800000 || 0x00800000 || 0x00800000U
|-
| SSL_OP_NO_SSLv2 || || Disable SSLv2. || 0x01000000 || 0 || 0
|-
| SSL_OP_NO_SSLv3 || || Disable SSLv3. || 0x02000000 || 0x02000000 || 0x02000000U
|-
| SSL_OP_NO_TLSv1/SSL_OP_NO_DTLSv1 || || Disable TLSv1/DTLSv1. || 0x04000000 || 0x04000000 || 0x04000000U
|-
| SSL_OP_NO_TLSv1_2/SSL_OP_NO_DTLSv1_2 || || Disable TLSv1.2/DTLSv1.2. || 0x08000000 || 0x08000000 || 0x08000000U
|-
| SSL_OP_NO_TLSv1_1 || || Disable TLSv1.1. || 0x10000000 || 0x10000000 || 0x10000000U
|-
| SSL_OP_NETSCAPE_CA_DN_BUG || || || 0x20000000 || 0 || 0
|-
| SSL_OP_NO_TLSv1_3 || || Diable TLSv1.3 || Not defined || Not defined || 0x20000000U
|-
| SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG || || || 0x40000000 || 0 || 0
|-
| SSL_OP_NO_RENEGOTIATION || || Disallow all renegotiation || Not defined || Not defined || 0x40000000U
|-
| SSL_OP_CRYPTOPRO_TLSEXT_BUG || Yes || Adds a ServerHello TLSEXT when using a GOST cipher. || 0x80000000 || 0x80000000 || 0x80000000U
|-
| SSL_OP_PKCS1_CHECK_1 || || No effect. || 0 || 0 || 0
|-
| SSL_OP_PKCS1_CHECK_2 || || No effect. || 0 || 0 || 0
|-
| SSL_OP_NO_SSL_MASK || || SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2 || 0x1F000000 || 0x1E000000 || 0x3E000000U
|-
| SSL_OP_ALL || Yes || Default set of options. || 0x80000BFF || 0x80000BFF || 0x80000854U
|}

== SSL_OP_ALL ==

In OpenSSL 1.1.1, the SSL_OP_ALL option changed value. This means that 1.1.0 and 1.1.1, although ABI compatible, have different values for default enabled options. The result of this is that several option bits marked by ** cannot be re-assigned until 1.2.0.

As of 1.1.0, these options are enabled by default via SSL_OP_ALL:

* SSL_OP_CRYPTOPRO_TLSEXT_BUG
* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
* SSL_OP_LEGACY_SERVER_CONNECT
* SSL_OP_TLSEXT_PADDING
* SSL_OP_SAFARI_ECDHE_ECDSA_BUG)

== Protocol Version Options ==

The following options control the protocols enabled on an SSL or SSL_CTX:

* SSL_OP_NO_SSLv2
* SSL_OP_NO_SSLv3
* SSL_OP_NO_TLSv1
* SSL_OP_NO_TLSv1_1
* SSL_OP_NO_TLSv1_2
* SSL_OP_NO_TLSv1_3
* SSL_OP_NO_DTLSv1
* SSL_OP_NO_DTLSv1_2

These options are deprecated as of 1.1.0, use SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() instead.

== Historical Options and Notes ==

=== SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ===

This option does nothing, but was retained for compatibility. In 1.0.1 this option had a value of 0x00000010, but that was taken over by SSL_OP_TLS_PADDING in 1.0.2; this option's value was changed to 0 in 1.0.2. It was included in SSL_OP_ALL. The defintion was removed from 1.1.0.

=== SSL_OP_MSIE_SSLV2_RSA_PADDING ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00000040; this option's value was changed to 0 in 1.0.2.

=== SSL_OP_SINGLE_DH_USE ===

If set, always create a new key when using tmp_dh parameters. As of 1.0.2f single-DH key use is always on, and this option does nothing, and is retained for compatibility.

=== SSL_OP_EPHEMERAL_RSA ===

This option does nothing, but was retained for compatibility. In 1.0.1, this option had a value of 0x00200000; this option's value was changed to 0 in 1.0.2. This option always used the tmp_rsa key when doing RSA operations, even when this violated protocol specs.

=== SSL_OP_PRIORITIZE_CHACHA ===

This option has no effect if SSL_OP_CIPHER_SERVER_PREFERENCE is not enabled.

=== SSL_OP_TLS_ROLLBACK_BUG ===

This option had a value of 0x00000400 in 0.9.6. If set, a server will allow a client to issue a SSLv3.0 version number as latest version supported in the premaster secret, even when TLSv1.0 (version 3.1) was announced in the client hello. Normally this is forbidden to prevent version rollback attacks.

=== SSL_OP_PKCS1_CHECK_1 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x08000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

=== SSL_OP_PKCS1_CHECK_2 ===

This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x10000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

@@ Line 96: / Line 96: @@
 == SSL_OP_ALL ==
-In OpenSSL 1.1.1, the SSL_OP_ALL option changed value. This means that 1.1.0 and 1.1.1, although ABI compatible, have different values for default enabled options. The result of this is that several option bits marked by ** cannot be re-assigned until 1.2.0.
+In OpenSSL 1.1.1, the SSL_OP_ALL option changed value. This means that 1.1.0 and 1.1.1, although ABI compatible, have different values for default enabled options. The result of this is that several option bits marked by ** cannot be re-assigned until 3.0.0.
 As of 1.1.0, these options are enabled by default via SSL_OP_ALL:

@@ Line 146: / Line 146: @@
 This option had a value of 0x00000400 in 0.9.6. If set, a server will allow a client to issue a SSLv3.0 version number as latest version supported in the premaster secret, even when TLSv1.0 (version 3.1) was announced in the client hello. Normally this is forbidden to prevent version rollback attacks.
 === SSL_OP_PKCS1_CHECK_1 ===
@@ Line 154: / Line 156: @@
 This option does nothing, but was retained for compatibility. Prior to 1.0.1, this option had a value of 0x10000000. The option would deliberately change the ciphertext, this is a check for the PKCS#1 attack.

@@ Line 89: / Line 89: @@
 | SSL_OP_PKCS1_CHECK_2 || || No effect. || 0 || 0 || 0
 |-
-| SSL_OP_NO_SSL_MASK || || SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2  || 0x1F000000 || 0x1E000000 || 0x3E000000U
+| SSL_OP_NO_SSL_MASK || || SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3  || 0x1F000000 || 0x1E000000 || 0x3E000000U
 |-
 | SSL_OP_ALL || Yes || Default set of options. || 0x80000BFF || 0x80000BFF || 0x80000854U

List of SSL OP Flags - Revision history

Tmshort: Update for 3.0

Tmshort at 14:21, 29 July 2019

Tmshort: /* Historical Options and Notes */

Tmshort: /* Table of Options */

Tmshort: Initial page