Constant |
Description |
SSL_OP_ALL |
Applies multiple bug workarounds within OpenSSL. See
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html
for detail. |
SSL_OP_ALLOW_NO_DHE_KEX |
Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode
for TLS v1.3 |
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION |
Allows legacy insecure renegotiation between OpenSSL and unpatched
clients or servers. See
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. |
SSL_OP_CIPHER_SERVER_PREFERENCE |
Attempts to use the server’s preferences instead of the client’s when
selecting a cipher. Behavior depends on protocol version. See
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. |
SSL_OP_CISCO_ANYCONNECT |
Instructs OpenSSL to use Cisco’s “speshul” version of DTLS_BAD_VER. |
SSL_OP_COOKIE_EXCHANGE |
Instructs OpenSSL to turn on cookie exchange. |
SSL_OP_CRYPTOPRO_TLSEXT_BUG |
Instructs OpenSSL to add server-hello extension from an early version
of the cryptopro draft. |
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability
workaround added in OpenSSL 0.9.6d. |
SSL_OP_EPHEMERAL_RSA |
Instructs OpenSSL to always use the tmp_rsa key when performing RSA
operations. |
SSL_OP_LEGACY_SERVER_CONNECT |
Allows initial connection to servers that do not support RI. |
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER |
|
SSL_OP_MICROSOFT_SESS_ID_BUG |
|
SSL_OP_MSIE_SSLV2_RSA_PADDING |
Instructs OpenSSL to disable the workaround for a man-in-the-middle
protocol-version vulnerability in the SSL 2.0 server implementation. |
SSL_OP_NETSCAPE_CA_DN_BUG |
|
SSL_OP_NETSCAPE_CHALLENGE_BUG |
|
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG |
|
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG |
|
SSL_OP_NO_COMPRESSION |
Instructs OpenSSL to disable support for SSL/TLS compression. |
SSL_OP_NO_ENCRYPT_THEN_MAC |
Instructs OpenSSL to disable encrypt-then-MAC. |
SSL_OP_NO_QUERY_MTU |
|
SSL_OP_NO_RENEGOTIATION |
Instructs OpenSSL to disable renegotiation. |
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Instructs OpenSSL to always start a new session when performing
renegotiation. |
SSL_OP_NO_SSLv2 |
Instructs OpenSSL to turn off SSL v2 |
SSL_OP_NO_SSLv3 |
Instructs OpenSSL to turn off SSL v3 |
SSL_OP_NO_TICKET |
Instructs OpenSSL to disable use of RFC4507bis tickets. |
SSL_OP_NO_TLSv1 |
Instructs OpenSSL to turn off TLS v1 |
SSL_OP_NO_TLSv1_1 |
Instructs OpenSSL to turn off TLS v1.1 |
SSL_OP_NO_TLSv1_2 |
Instructs OpenSSL to turn off TLS v1.2 |
SSL_OP_NO_TLSv1_3 |
Instructs OpenSSL to turn off TLS v1.3 |
SSL_OP_PKCS1_CHECK_1 |
|
SSL_OP_PKCS1_CHECK_2 |
|
SSL_OP_PRIORITIZE_CHACHA |
Instructs OpenSSL server to prioritize ChaCha20Poly1305
when client does.
This option has no effect if
SSL_OP_CIPHER_SERVER_PREFERENCE
is not enabled. |
SSL_OP_SINGLE_DH_USE |
Instructs OpenSSL to always create a new key when using
temporary/ephemeral DH parameters. |
SSL_OP_SINGLE_ECDH_USE |
Instructs OpenSSL to always create a new key when using
temporary/ephemeral ECDH parameters. |
SSL_OP_SSLEAY_080_CLIENT_DH_BUG |
|
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG |
|
SSL_OP_TLS_BLOCK_PADDING_BUG |
|
SSL_OP_TLS_D5_BUG |
|
SSL_OP_TLS_ROLLBACK_BUG |
Instructs OpenSSL to disable version rollback attack detection. |