chickadee » openssl » ssl-make-client-context

(ssl-make-client-context #!optional ((protocol <symbol>) 'sslv2-or-v3)) => <ssl-client-context>procedure

This procedure exists mainly for backwards compatibility. Consider using ssl-make-client-context* instead, which uses better default settings.

Creates a context to be supplied to ssl-connect. The context identifies a communication protocol (as selected by protocol), and also holds certificate information (i.e., the client's identity, its trusted certificate authorities, etc.). See the "Certificate procedures" section below for more information on certificates.

The protocol must be one of the following:

TLS protocol or SSL protocol versions 2 or 3, as appropriate
SSL protocol version 3
'tls or 'tlsv1
the TLS protocol version 1
the TLS protocol version 1.1
the TLS protocol version 1.2

The default protocol is 'sslv2-or-v3, which ensures maximum compatibility with other endpoints. Note, however, that this choice is not particularly secure. Vulnerabilities affecting only the legacy protocols can be avoided by explicitly requesting the 'tls protocol, if every peer you will be communicating with is supporting this.

By default, the context returned by ssl-make-client-context does not request verification of a server's certificate. Use ssl-set-verify! to enable such verification.