Skip to content

SSL_get_version

NAME

SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_is_tls, SSL_is_quic, SSL_version - get the protocol information of a connection

SYNOPSIS

#include <openssl/ssl.h>

int SSL_client_version(const SSL *s);

const char *SSL_get_version(const SSL *ssl);

int SSL_is_dtls(const SSL *ssl);
int SSL_is_tls(const SSL *ssl);
int SSL_is_quic(const SSL *ssl);

int SSL_version(const SSL *s);

DESCRIPTION

For SSL, TLS and DTLS protocols SSL_client_version() returns the numeric protocol version advertised by the client in the legacy_version field of the ClientHello when initiating the connection. Note that, for TLS, this value will never indicate a version greater than TLSv1.2 even if TLSv1.3 is subsequently negotiated. For QUIC connections it returns OSSL_QUIC1_VERSION.

SSL_get_version() returns the name of the protocol used for the connection. SSL_version() returns the numeric protocol version used for the connection. They should only be called after the initial handshake has been completed. Prior to that the results returned from these functions may be unreliable.

SSL_is_dtls() returns 1 if the connection is using DTLS or 0 if not.

SSL_is_tls() returns 1 if the connection is using SSL/TLS or 0 if not.

SSL_is_quic() returns 1 if the connection is using QUIC or 0 if not.

RETURN VALUES

SSL_get_version() returns one of the following strings:

  • SSLv3

    The connection uses the SSLv3 protocol.

  • TLSv1

    The connection uses the TLSv1.0 protocol.

  • TLSv1.1

    The connection uses the TLSv1.1 protocol.

  • TLSv1.2

    The connection uses the TLSv1.2 protocol.

  • TLSv1.3

    The connection uses the TLSv1.3 protocol.

  • DTLSv0.9

    The connection uses an obsolete pre-standardisation DTLS protocol

  • DTLSv1

    The connection uses the DTLSv1 protocol

  • DTLSv1.2

    The connection uses the DTLSv1.2 protocol

  • QUICv1

    The connection uses the QUICv1 protocol.

  • unknown

    This indicates an unknown protocol version.

SSL_version() and SSL_client_version() return an integer which could include any of the following:

  • SSL3_VERSION

    The connection uses the SSLv3 protocol.

  • TLS1_VERSION

    The connection uses the TLSv1.0 protocol.

  • TLS1_1_VERSION

    The connection uses the TLSv1.1 protocol.

  • TLS1_2_VERSION

    The connection uses the TLSv1.2 protocol.

  • TLS1_3_VERSION

    The connection uses the TLSv1.3 protocol (never returned for SSL_client_version()).

  • DTLS1_BAD_VER

    The connection uses an obsolete pre-standardisation DTLS protocol

  • DTLS1_VERSION

    The connection uses the DTLSv1 protocol

  • DTLS1_2_VERSION

    The connection uses the DTLSv1.2 protocol

  • OSSL_QUIC1_VERSION

    The connection uses the QUICv1 protocol.

SEE ALSO

ssl(7)

HISTORY

The SSL_is_dtls() function was added in OpenSSL 1.1.0. The SSL_is_tls() and SSL_is_quic() functions were added in OpenSSL 3.2.

Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.