Add newly learned knowledge from yesterday's discussion.

=back

=back

If a generic method is used, it is necessary to explicitly set client or

server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>

or SSL_set_accept_state().

The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,

The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,

SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or

SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or

B<SSL_set_options()> functions. Using these options it is possible to choose

B<SSL_set_options()> functions. Using these options it is possible to choose

=head1 SEE ALSO

=head1 SEE ALSO

L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,

L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,

L<ssl(3)|ssl(3)>

L<ssl(3)|ssl(3)>,  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>

=cut

=cut

SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects

SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects

newly created from this B<ctx>. SSL objects already created with

newly created from this B<ctx>. SSL objects already created with

L<SSL_new(3)|SSL_new(3)> are not affected, except when SSL_clear() is

L<SSL_new(3)|SSL_new(3)> are not affected, except when

being called.

L<SSL_clear(3)|SSL_clear(3)> is being called.

SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>

SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>

object. It may be reset, when SSL_clear() is called.

object. It may be reset, when SSL_clear() is called.

The available B<method> choices are described in

The available B<method> choices are described in

L<SSL_CTX_new(3)|SSL_CTX_new(3)>.

L<SSL_CTX_new(3)|SSL_CTX_new(3)>.

When SSL_clear() is called and no session is connected to an SSL object,

When L<SSL_clear(3)|SSL_clear(3)> is called and no session is connected to

the method of the SSL object is reset to the method currently set in

an SSL object, the method of the SSL object is reset to the method currently

the corresponding SSL_CTX object.

set in the corresponding SSL_CTX object.

=head1 RETURN VALUES

=head1 RETURN VALUES

=head1 SEE ALSO

=head1 SEE ALSO

L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>,

L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>,

L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)>

L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)>,

L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>

=cut

=cut

condition. When using a buffering BIO, like a BIO pair, data must be written

condition. When using a buffering BIO, like a BIO pair, data must be written

into or retrieved out of the BIO before being able to continue.

into or retrieved out of the BIO before being able to continue.

When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it

is necessary to call SSL_set_accept_state()

before calling SSL_accept() to explicitly switch the B<ssl> to server

mode.

=head1 RETURN VALUES

=head1 RETURN VALUES

The following return values can occur:

The following return values can occur:

=head1 SEE ALSO

=head1 SEE ALSO

L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,

L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,

L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>

L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,

L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,

L<SSL_CTX_new(3)|SSL_CTX_new(3)>

=cut

=cut

condition. When using a buffering BIO, like a BIO pair, data must be written

condition. When using a buffering BIO, like a BIO pair, data must be written

into or retrieved out of the BIO before being able to continue.

into or retrieved out of the BIO before being able to continue.

When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it

is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>

before calling SSL_connect() to explicitly switch the B<ssl> to client

mode.

=head1 RETURN VALUES

=head1 RETURN VALUES

The following return values can occur:

The following return values can occur:

=head1 SEE ALSO

=head1 SEE ALSO

L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,

L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,

L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>

L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,

L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,

L<SSL_CTX_new(3)|SSL_CTX_new(3)>

=cut

=cut

=head1 NOTES

=head1 NOTES

If necessary, SSL_read() will negotiate a TLS/SSL session, if

If necessary, SSL_read() will negotiate a TLS/SSL session, if

not already explicitly performed by SSL_connect() or SSL_accept(). If the

not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or

L<SSL_accept(3)|SSL_accept(3)>. If the

peer requests a re-negotiation, it will be performed transparently during

peer requests a re-negotiation, it will be performed transparently during

the SSL_read() operation. The behaviour of SSL_read() depends on the

the SSL_read() operation. The behaviour of SSL_read() depends on the

underlying BIO. 

underlying BIO. 

For the transparent negotiation to succeed, the B<ssl> must have been

initialized to client or server mode. This is not the case if a generic

method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that

L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()

must be used before the first call to an SSL_read() or

L<SSL_write(3)|SSL_write(3)> function.

If the underlying BIO is B<blocking>, SSL_read() will only return, once the

If the underlying BIO is B<blocking>, SSL_read() will only return, once the

read operation has been finished or an error occurred, except when a

read operation has been finished or an error occurred, except when a

renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. 

renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. 

If the underlying BIO is B<non-blocking>, SSL_read() will also return

If the underlying BIO is B<non-blocking>, SSL_read() will also return

when the underlying BIO could not satisfy the needs of SSL_read()

when the underlying BIO could not satisfy the needs of SSL_read()

to continue the operation. In this case a call to SSL_get_error() with the

to continue the operation. In this case a call to

L<SSL_get_error(3)|SSL_get_error(3)> with the

return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or

return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or

B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a

B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a

call to SSL_read() can also cause write operations! The calling process

call to SSL_read() can also cause write operations! The calling process

=head1 SEE ALSO

=head1 SEE ALSO

L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,

L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,

L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,

L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,

L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>

L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,

L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>

L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>

=cut

=cut