=head1 NAME
-SSL_CONF_cmd_value_type, SSL_CONF_finish,
+SSL_CONF_cmd_value_type,
SSL_CONF_cmd - send configuration command
=head1 SYNOPSIS
int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
- int SSL_CONF_finish(SSL_CONF_CTX *cctx);
=head1 DESCRIPTION
SSL_CONF_cmd_value_type() returns the type of value that B<cmd> refers to.
-The function SSL_CONF_finish() must be called after all configuration
-operations have been completed. It is used to finalise any operations
-or to process defaults.
-
=head1 SUPPORTED COMMAND LINE COMMANDS
Currently supported B<cmd> names for command lines (i.e. when the
length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the
B<value> must be >1 or <=16384.
+=item B<-no_renegotiation>
+
+Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
+B<SSL_OP_NO_RENEGOTIATION>.
+
=item B<-min_protocol>, B<-max_protocol>
Sets the minimum and maximum supported protocol.
clients only. Equivalent to setting or clearing B<SSL_OP_LEGACY_SERVER_CONNECT>.
Set by default.
+=item B<-allow_no_dhe_kex>
+
+In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means
+that there will be no forward secrecy for the resumed session.
+
=item B<-strict>
enables strict mode protocol handling. Equivalent to setting
length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the
B<value> must be >1 or <=16384.
+=item B<NoRenegotiation>
+
+Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
+B<SSL_OP_NO_RENEGOTIATION>.
+
=item B<SignatureAlgorithms>
This sets the supported signature algorithms for TLS v1.2. For clients this
default. Inverse of B<SSL_OP_NO_ENCRYPT_THEN_MAC>: that is,
B<-EncryptThenMac> is the same as setting B<SSL_OP_NO_ENCRYPT_THEN_MAC>.
+B<AllowNoDHEKEX>: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on
+resumption. This means that there will be no forward secrecy for the resumed
+session. Equivalent to B<SSL_OP_ALLOW_NO_DHE_KEX>.
+
=item B<VerifyMode>
The B<value> argument is a comma separated list of flags to set.
ignored.
By checking the return code of SSL_CONF_cmd() it is possible to query if a
-given B<cmd> is recognised, this is useful is SSL_CONF_cmd() values are
+given B<cmd> is recognised, this is useful if SSL_CONF_cmd() values are
mixed with additional application specific operations.
For example an application might call SSL_CONF_cmd() and if it returns
error in the syntax of B<value> in this case the error queue may provide
additional information.
-SSL_CONF_finish() returns 1 for success and 0 for failure.
-
=head1 SEE ALSO
L<SSL_CONF_CTX_new(3)>,