SSL_CTX_SET_DOMAIN_FLAGS(3ossl) OpenSSL SSL_CTX_SET_DOMAIN_FLAGS(3ossl)
NAME
SSL_CTX_set_domain_flags, SSL_CTX_get_domain_flags,
SSL_get_domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD,
SSL_DOMAIN_FLAG_MULTI_THREAD, SSL_DOMAIN_FLAG_THREAD_ASSISTED,
SSL_DOMAIN_FLAG_BLOCKING, SSL_DOMAIN_FLAG_LEGACY_BLOCKING - control the
concurrency model used by a QUIC domain
SYNOPSIS
#include <openssl/ssl.h>
#define SSL_DOMAIN_FLAG_SINGLE_THREAD
#define SSL_DOMAIN_FLAG_MULTI_THREAD
#define SSL_DOMAIN_FLAG_LEGACY_BLOCKING
#define SSL_DOMAIN_FLAG_BLOCKING
#define SSL_DOMAIN_FLAG_THREAD_ASSISTED
int SSL_CTX_set_domain_flags(SSL_CTX *ctx, uint64_t flags);
int SSL_CTX_get_domain_flags(SSL_CTX *ctx, uint64_t *flags);
int SSL_get_domain_flags(SSL *ssl, uint64_t *flags);
DESCRIPTION
SSL_CTX_set_domain_flags(3) and SSL_CTX_get_domain_flags() set and get
the QUIC domain flags on a SSL_CTX using a QUIC SSL_METHOD. These flags
determine the concurrency model which is used for a QUIC domain. A
detailed introduction to these concepts can be found in
openssl-quic-concurrency(7).
Applications may use either one the flags here:
SSL_DOMAIN_FLAG_SINGLE_THREAD
Specifying this flag configures the Single-Threaded Concurrency
Model (SCM).
SSL_DOMAIN_FLAG_MULTI_THREAD
Speciyfing this flag configures the Contentive Concurrency Model
(CCM) (unless SSL_DOMAIN_FLAG_THREAD_ASSISTED is also specified).
If OpenSSL was built without thread support, this is identical to
SSL_DOMAIN_FLAG_SINGLE_THREAD.
SSL_DOMAIN_FLAG_THREAD_ASSISTED
Specifying this flag configures the Thread-Assisted Concurrency
Model (TACM). It implies SSL_DOMAIN_FLAG_MULTI_THREAD and
SSL_DOMAIN_FLAG_BLOCKING.
This concurrency model is not available if OpenSSL was built
without thread support, in which case attempting to configure it
will result in an error.
SSL_DOMAIN_FLAG_BLOCKING
Enable reliable support for blocking I/O calls, allocating whatever
OS resources are necessary to realise this. If this flag is
specified, SSL_DOMAIN_FLAG_LEGACY_BLOCKING is ignored.
SSL_DOMAIN_FLAG_LEGACY_BLOCKING
Enables legacy blocking compatibility mode. See "Legacy Blocking
Support Compatibility" in openssl-quic-concurrency(7).
Mutually exclusive flag combinations result in an error (for example,
combining SSL_DOMAIN_FLAG_SINGLE_THREAD and
SSL_DOMAIN_FLAG_MULTI_THREADED).
Because exactly one concurrency model must be chosen, the domain flags
cannot be set to 0 and attempting to do so will result in an error.
Changing these flags using SSL_CTX_set_domain_flags(3) has no effect on
QUIC domains which have already been created.
The default set of domain flags set on a newly created SSL_CTX may vary
by OpenSSL version, chosen SSL_METHOD, and operating environment. See
openssl-quic-concurrency(7) for details. An application can retrieve
the default domain flags by calling SSL_CTX_get_domain_flags()
immediately after constructing a SSL_CTX.
SSL_get_domain_flags() retrieves the domain flags which are effective
for a QUIC domain when called on any QUIC SSL object under that domain.
RETURN VALUES
SSL_CTX_set_domain_flags(3), SSL_CTX_get_domain_flags() and
SSL_get_domain_flags() return 1 on success and 0 on failure.
SSL_CTX_set_domain_flags(3) fails if called with a set of flags which
are inconsistent or which cannot be supported given the current
environment.
SSL_CTX_set_domain_flags(3) and SSL_CTX_get_domain_flags() fail if
called on a SSL_CTX which is not using a QUIC SSL_METHOD.
SSL_get_domain_flags() fails if called on a non-QUIC SSL object.
SEE ALSO
SSL_new_domain(3), openssl-quic-concurrency(7)
HISTORY
These functions were added in OpenSSL 3.5.
COPYRIGHT
Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.
3.5.0 2025-04-10 SSL_CTX_SET_DOMAIN_FLAGS(3ossl)
openssl 3.5.0 - Generated Tue Apr 29 07:47:28 CDT 2025