path: root/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3

.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3ossl"
.TH SSL_CTX_SET_TMP_DH_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_dh_auto, SSL_set_dh_auto, SSL_CTX_set0_tmp_dh_pkey,
SSL_set0_tmp_dh_pkey, SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh,
SSL_set_tmp_dh_callback, SSL_set_tmp_dh
\&\- handle DH keys for ephemeral key exchange
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_CTX_set_dh_auto(SSL_CTX *ctx, int onoff);
\& long SSL_set_dh_auto(SSL *s, int onoff);
\& int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey);
\& int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey);
.Ve
.PP
The following functions have been deprecated since OpenSSL 3.0, and can be
hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
see \fBopenssl_user_macros\fR\|(7):
.PP
.Vb 4
\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
\&                                  DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
\&                                                         int keylength));
\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
\&
\& void SSL_set_tmp_dh_callback(SSL *ctx,
\&                              DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
\&                                                     int keylength));
\& long SSL_set_tmp_dh(SSL *ssl, DH *dh);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The functions described on this page are relevant for servers only.
.PP
Some ciphersuites may use ephemeral Diffie-Hellman (\s-1DH\s0) key exchange. In these
cases, the session data is negotiated using the ephemeral/temporary \s-1DH\s0 key and
the key supplied and certified by the certificate chain is only used for
signing. Anonymous ciphers (without a permanent server key) also use ephemeral
\&\s-1DH\s0 keys.
.PP
Using ephemeral \s-1DH\s0 key exchange yields forward secrecy as the connection
can only be decrypted when the \s-1DH\s0 key is known. By generating a temporary
\&\s-1DH\s0 key inside the server application that is lost when the application
is left, it becomes impossible for an attacker to decrypt past sessions,
even if they get hold of the normal (certified) key, as this key was
only used for signing.
.PP
In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group
(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate
a new \s-1DH\s0 key during the negotiation.
.PP
As generating \s-1DH\s0 parameters is extremely time consuming, an application
should not generate the parameters on the fly. \s-1DH\s0 parameters can be reused, as
the actual key is newly generated during the negotiation.
.PP
Typically applications should use well know \s-1DH\s0 parameters that have built-in
support in OpenSSL. The macros \fBSSL_CTX_set_dh_auto()\fR and \fBSSL_set_dh_auto()\fR
configure OpenSSL to use the default built-in \s-1DH\s0 parameters for the \fB\s-1SSL_CTX\s0\fR
and \fB\s-1SSL\s0\fR objects respectively. Passing a value of 1 in the \fIonoff\fR parameter
switches the feature on, and passing a value of 0 switches it off. The default
setting is off.
.PP
If \*(L"auto\*(R" \s-1DH\s0 parameters are switched on then the parameters will be selected to
be consistent with the size of the key associated with the server's certificate.
If there is no certificate (e.g. for \s-1PSK\s0 ciphersuites), then it it will be
consistent with the size of the negotiated symmetric cipher key.
.PP
Applications may supply their own \s-1DH\s0 parameters instead of using the built-in
values. This approach is discouraged and applications should in preference use
the built-in parameter support described above. Applications wishing to supply
their own \s-1DH\s0 parameters should call \fBSSL_CTX_set0_tmp_dh_pkey()\fR or
\&\fBSSL_set0_tmp_dh_pkey()\fR to supply the parameters for the \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR
respectively. The parameters should be supplied in the \fIdhpkey\fR argument as
an \fB\s-1EVP_PKEY\s0\fR containing \s-1DH\s0 parameters. Ownership of the \fIdhpkey\fR value is
passed to the \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR object as a result of this call, and so the
caller should not free it if the function call is successful.
.PP
The deprecated macros \fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do the same
thing as \fBSSL_CTX_set0_tmp_dh_pkey()\fR and \fBSSL_set0_tmp_dh_pkey()\fR except that the
\&\s-1DH\s0 parameters are supplied in a \fB\s-1DH\s0\fR object instead in the \fIdh\fR argument, and
ownership of the \fB\s-1DH\s0\fR object is retained by the application. Applications
should use \*(L"auto\*(R" parameters instead, or call \fBSSL_CTX_set0_tmp_dh_pkey()\fR or
\&\fBSSL_set0_tmp_dh_pkey()\fR as appropriate.
.PP
An application may instead specify the \s-1DH\s0 parameters via a callback function
using the functions \fBSSL_CTX_set_tmp_dh_callback()\fR or \fBSSL_set_tmp_dh_callback()\fR
to set the callback for the \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR object respectively. These
functions are deprecated. Applications should instead use \*(L"auto\*(R" parameters, or
specify the parameters via \fBSSL_CTX_set0_tmp_dh_pkey()\fR or \fBSSL_set0_tmp_dh_pkey()\fR
as appropriate.
.PP
The callback will be invoked during a connection when \s-1DH\s0 parameters are
required. The \fB\s-1SSL\s0\fR object for the current connection is supplied as an
argument. Previous versions of OpenSSL used the \fBis_export\fR and \fBkeylength\fR
arguments to control parameter generation for export and non-export
cipher suites. Modern OpenSSL does not support export ciphersuites and so these
arguments are unused and can be ignored by the callback. The callback should
return the parameters to be used in a \s-1DH\s0 object. Ownership of the \s-1DH\s0 object is
retained by the application and should later be freed.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All of these functions/macros return 1 for success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3),
\&\fBSSL_CTX_set_options\fR\|(3),
\&\fBopenssl\-ciphers\fR\|(1), \fBopenssl\-dhparam\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.