> From: openssl-users <openssl-users-boun...@openssl.org> On Behalf Of Jan Just 
> Keijser
> Sent: Monday, 31 January, 2022 03:51
> To: Srinivas, Saketh (c) <ssrini...@rbbn.com>; openssl-users@openssl.org
> Subject: Re: Doubt regarding ssl options

> On 31/01/22 10:27, Srinivas, Saketh (c) wrote:

> > what is the difference between  SSL_CTX_set_min_proto_version
> > and SSL_set_min_proto_version.

> The effect of SSL_CTX_set_min_proto_version and SSL_set_min_proto_version is
> exactly the same...

More generally: The difference between SSL_CTX_something and SSL_something is 
that the former operates on an SSL_CTX object, and the latter on an SSL object.

An SSL object controls an SSL connection (more or less). An SSL_CTX object is 
used to create one or more SSL objects; it serves as a template for those SSL 
objects.

So if you want to set "something" for multiple SSL objects you will create 
later, use the SSL_CTX_something function. If you only need to alter the 
properties of an existing SSL object, use the SSL_something function.

This is a fundamental aspect of the OpenSSL API.

-- 
Michael Wojcik

Reply via email to