Constant Description
    SSL_OP_ALL Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail.
    SSL_OP_ALLOW_NO_DHE_KEX Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode for TLS v1.3
    SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.
    SSL_OP_CIPHER_SERVER_PREFERENCE Attempts to use the server’s preferences instead of the client’s when selecting a cipher. Behavior depends on protocol version. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.
    SSL_OP_CISCO_ANYCONNECT Instructs OpenSSL to use Cisco’s “speshul” version of DTLS_BAD_VER.
    SSL_OP_COOKIE_EXCHANGE Instructs OpenSSL to turn on cookie exchange.
    SSL_OP_CRYPTOPRO_TLSEXT_BUG Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft.
    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d.
    SSL_OP_EPHEMERAL_RSA Instructs OpenSSL to always use the tmp_rsa key when performing RSA operations.
    SSL_OP_LEGACY_SERVER_CONNECT Allows initial connection to servers that do not support RI.
    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
    SSL_OP_MICROSOFT_SESS_ID_BUG
    SSL_OP_MSIE_SSLV2_RSA_PADDING Instructs OpenSSL to disable the workaround for a man-in-the-middle protocol-version vulnerability in the SSL 2.0 server implementation.
    SSL_OP_NETSCAPE_CA_DN_BUG
    SSL_OP_NETSCAPE_CHALLENGE_BUG
    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
    SSL_OP_NO_COMPRESSION Instructs OpenSSL to disable support for SSL/TLS compression.
    SSL_OP_NO_ENCRYPT_THEN_MAC Instructs OpenSSL to disable encrypt-then-MAC.
    SSL_OP_NO_QUERY_MTU
    SSL_OP_NO_RENEGOTIATION Instructs OpenSSL to disable renegotiation.
    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION Instructs OpenSSL to always start a new session when performing renegotiation.
    SSL_OP_NO_SSLv2 Instructs OpenSSL to turn off SSL v2
    SSL_OP_NO_SSLv3 Instructs OpenSSL to turn off SSL v3
    SSL_OP_NO_TICKET Instructs OpenSSL to disable use of RFC4507bis tickets.
    SSL_OP_NO_TLSv1 Instructs OpenSSL to turn off TLS v1
    SSL_OP_NO_TLSv1_1 Instructs OpenSSL to turn off TLS v1.1
    SSL_OP_NO_TLSv1_2 Instructs OpenSSL to turn off TLS v1.2
    SSL_OP_NO_TLSv1_3 Instructs OpenSSL to turn off TLS v1.3
    SSL_OP_PKCS1_CHECK_1
    SSL_OP_PKCS1_CHECK_2
    SSL_OP_PRIORITIZE_CHACHA Instructs OpenSSL server to prioritize ChaCha20Poly1305 when client does. This option has no effect if SSL_OP_CIPHER_SERVER_PREFERENCE is not enabled.
    SSL_OP_SINGLE_DH_USE Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters.
    SSL_OP_SINGLE_ECDH_USE Instructs OpenSSL to always create a new key when using temporary/ephemeral ECDH parameters.
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG
    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
    SSL_OP_TLS_BLOCK_PADDING_BUG
    SSL_OP_TLS_D5_BUG
    SSL_OP_TLS_ROLLBACK_BUG Instructs OpenSSL to disable version rollback attack detection.