NAME

SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour

SYNOPSIS

 #include <openssl/ssl.h>

 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);

 void SSL_set_quiet_shutdown(SSL *ssl, int mode);
 int SSL_get_quiet_shutdown(const SSL *ssl);

DESCRIPTION

SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for ctx to be mode. SSL objects created from ctx inherit the mode valid at the time SSL_new(3) is called. mode may be 0 or 1.

SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of ctx.

SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for ssl to be mode. The setting stays valid until ssl is removed with SSL_free(3) or SSL_set_quiet_shutdown() is called again. It is not changed when SSL_clear(3) is called. mode may be 0 or 1.

SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of ssl.

These functions are not supported for QUIC SSL objects. SSL_set_quiet_shutdown() has no effect if called on a QUIC SSL object.

NOTES

Normally when a SSL connection is finished, the parties must send out close_notify alert messages using SSL_shutdown(3) for a clean shutdown.

When setting the "quiet shutdown" flag to 1, SSL_shutdown(3) will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. (SSL_shutdown(3) then behaves like SSL_set_shutdown(3) called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to be shutdown, but no close_notify alert is sent to the peer. This behaviour violates the TLS standard.

The default is normal shutdown behaviour as described by the TLS standard.

RETURN VALUES

SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return diagnostic information.

SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown() return the current setting.

SEE ALSO

ssl(7), SSL_shutdown(3), SSL_set_shutdown(3), SSL_new(3), SSL_clear(3), SSL_free(3)

COPYRIGHT

Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.