SSL_CTX_set_domain_flags.3ossl - Man Page

 #include <openssl/ssl.h>

 #define SSL_DOMAIN_FLAG_SINGLE_THREAD
 #define SSL_DOMAIN_FLAG_MULTI_THREAD
 #define SSL_DOMAIN_FLAG_LEGACY_BLOCKING
 #define SSL_DOMAIN_FLAG_BLOCKING
 #define SSL_DOMAIN_FLAG_THREAD_ASSISTED

 int SSL_CTX_set_domain_flags(SSL_CTX *ctx, uint64_t flags);
 int SSL_CTX_get_domain_flags(SSL_CTX *ctx, uint64_t *flags);

 int SSL_get_domain_flags(SSL *ssl, uint64_t *flags);

SSL_CTX_set_domain_flags() and SSL_CTX_get_domain_flags() set and get the QUIC domain flags on a SSL_CTX using a QUIC SSL_METHOD. These flags determine the concurrency model which is used for a QUIC domain. A detailed introduction to these concepts can be found in openssl-quic-concurrency(7).

Applications may use either one the flags here:

SSL_DOMAIN_FLAG_SINGLE_THREAD

Specifying this flag configures the Single-Threaded Concurrency Model (SCM).

SSL_DOMAIN_FLAG_MULTI_THREAD

Speciyfing this flag configures the Contentive Concurrency Model (CCM) (unless SSL_DOMAIN_FLAG_THREAD_ASSISTED is also specified).

If OpenSSL was built without thread support, this is identical to SSL_DOMAIN_FLAG_SINGLE_THREAD.

SSL_DOMAIN_FLAG_THREAD_ASSISTED

Specifying this flag configures the Thread-Assisted Concurrency Model (TACM). It implies SSL_DOMAIN_FLAG_MULTI_THREAD and SSL_DOMAIN_FLAG_BLOCKING.

This concurrency model is not available if OpenSSL was built without thread support, in which case attempting to configure it will result in an error.

SSL_DOMAIN_FLAG_BLOCKING

Enable reliable support for blocking I/O calls, allocating whatever OS resources are necessary to realise this. If this flag is specified, SSL_DOMAIN_FLAG_LEGACY_BLOCKING is ignored.

SSL_DOMAIN_FLAG_LEGACY_BLOCKING

Enables legacy blocking compatibility mode. See "Legacy Blocking Support Compatibility" in openssl-quic-concurrency(7).

Mutually exclusive flag combinations result in an error (for example, combining SSL_DOMAIN_FLAG_SINGLE_THREAD and SSL_DOMAIN_FLAG_MULTI_THREADED).

Because exactly one concurrency model must be chosen, the domain flags cannot be set to 0 and attempting to do so will result in an error.

Changing these flags using SSL_CTX_set_domain_flags() has no effect on QUIC domains which have already been created.

The default set of domain flags set on a newly created SSL_CTX may vary by OpenSSL version, chosen SSL_METHOD, and operating environment. See openssl-quic-concurrency(7) for details. An application can retrieve the default domain flags by calling SSL_CTX_get_domain_flags() immediately after constructing a SSL_CTX.

SSL_get_domain_flags() retrieves the domain flags which are effective for a QUIC domain when called on any QUIC SSL object under that domain.

SSL_CTX_set_domain_flags(), SSL_CTX_get_domain_flags() and SSL_get_domain_flags() return 1 on success and 0 on failure.

SSL_CTX_set_domain_flags() fails if called with a set of flags which are inconsistent or which cannot be supported given the current environment.

SSL_CTX_set_domain_flags() and SSL_CTX_get_domain_flags() fail if called on a SSL_CTX which is not using a QUIC SSL_METHOD.

SSL_get_domain_flags() fails if called on a non-QUIC SSL object.

SSL_new_domain(3), openssl-quic-concurrency(7)

These functions were added in @QUIC_SERVER_VERSION@.

Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use this file except in compliance with the License.  You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.

openssl-quic-concurrency.7ossl(7), SSL_new_domain.3ossl(3).

The man pages SSL_CTX_get_domain_flags.3ossl(3), SSL_DOMAIN_FLAG_BLOCKING.3ossl(3), SSL_DOMAIN_FLAG_LEGACY_BLOCKING.3ossl(3), SSL_DOMAIN_FLAG_MULTI_THREAD.3ossl(3), SSL_DOMAIN_FLAG_SINGLE_THREAD.3ossl(3), SSL_DOMAIN_FLAG_THREAD_ASSISTED.3ossl(3) and SSL_get_domain_flags.3ossl(3) are aliases of SSL_CTX_set_domain_flags.3ossl(3).