ssl-make-client-context (openssl egg)

[procedure] (ssl-make-client-context #!optional ((protocol <symbol-or-pair>) 'tls)) => <ssl-client-context>

This procedure exists mainly for backwards compatibility. Consider using ssl-make-client-context* instead, which uses better default settings.

Creates a context to be supplied to ssl-connect. The context identifies a communication protocol (as selected by protocol), and also holds certificate information (i.e., the client's identity, its trusted certificate authorities, etc.). See the "Certificate procedures" section below for more information on certificates.

The protocol must be either one of the following symbols or a pair of them:

'sslv2-or-v3
    TLS protocol or SSL protocol versions 2 or 3, as appropriate
'sslv3
    SSL protocol version 3
'tls or 'tlsv1
    the TLS protocol version 1
'tlsv11
    the TLS protocol version 1.1
'tlsv12
    the TLS protocol version 1.2
'tlsv13
    the TLS protocol version 1.3

If a symbol is chosen, only that protocol version is supported, whereas a pair allows negotiation between a minimum and a maximum protocol version. For example, '(tlsv1 . tlsv12) would allow TLS versions 1.0, 1.1 and 1.2.

The default protocol is 'tls, which ensures maximum compatibility with other endpoints. Note, however, that this choice is not particularly secure. It is recommended to use TLSv1.2 instead. As of egg version 2.0.3, using the sslv2-or-v3 or sslv3 symbols raises an exception, because the underlying library removed support for SSLv2 in OpenSSL 1.1.0.

By default, the context returned by ssl-make-client-context does not request verification of a server's certificate. Use ssl-set-verify! to enable such verification.
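The following is an added example, not code from the openssl egg's own documentation. It shows the permissive default context described above next to a hardened one built from a protocol pair with verification enabled, handles the exception raised for the legacy sslv3 symbol, and then uses the context with ssl-connect. The ssl-connect call assumes the egg's signature (hostname port ctx) returning an input and an output port; that signature is not stated on this page.

```scheme
;; Added example for the openssl egg (CHICKEN 5); not the egg's own code.
(import (chicken base) (chicken condition) (chicken format)
        (chicken io) openssl)

;; The context this page warns about: protocol defaults to 'tls (TLS 1.0
;; only, since a bare symbol selects a single version) and the server's
;; certificate is not verified at all.
(define weak-ctx (ssl-make-client-context))

;; Hardened variant: a (min . max) pair restricts negotiation to the
;; given range and ssl-set-verify! asks for server certificate checks.
(define (make-verifying-context #!optional (protocol '(tlsv12 . tlsv13)))
  (let ((ctx (ssl-make-client-context protocol)))
    (ssl-set-verify! ctx #t)
    ctx))

;; Legacy symbols: as of egg 2.0.3, 'sslv3 and 'sslv2-or-v3 raise an
;; exception rather than silently selecting an unsupported protocol.
;; Catch it and return #f so callers cannot fall through to a weaker
;; context by accident.
(define (try-legacy-context protocol)
  (handle-exceptions exn
      (begin
        (printf "refusing protocol ~a: ~a~n" protocol
                (get-condition-property exn 'exn 'message ""))
        #f)
    (ssl-make-client-context protocol)))

;; Usage with ssl-connect (assumed signature: hostname port ctx, yielding
;; an input port and an output port). Sends a minimal HTTP request over the
;; verified connection and returns the first response line, or raises if
;; the handshake or certificate verification fails.
(define (fetch-status-line host)
  (let ((ctx (make-verifying-context)))
    (receive (in out) (ssl-connect host 443 ctx)
      (write-string (string-append "HEAD / HTTP/1.0\r\nHost: " host
                                   "\r\n\r\n")
                    out)
      (flush-output out)
      (let ((status (read-line in)))
        (close-input-port in)
        (close-output-port out)
        status))))

;; (try-legacy-context 'sslv3)            ; prints a refusal, returns #f
;; (fetch-status-line "example.com")      ; e.g. "HTTP/1.0 200 OK"
```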