OpenSSL 选项

常量	描述
`SSL_OP_ALL`	在 OpenSSL 中应用多个错误解决方法。详情请参阅 https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html。
`SSL_OP_ALLOW_NO_DHE_KEX`	指示 OpenSSL 允许 TLS v1.3 的非基于 [EC]DHE 的密钥交换模式
`SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION`	允许在 OpenSSL 和未打补丁的客户端或服务器之间进行旧版的不安全重新协商。详情请参阅 https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html。
`SSL_OP_CIPHER_SERVER_PREFERENCE`	在选择密码时尝试使用服务器的首选项而不是客户端的首选项。行为取决于协议版本。详情请参阅 https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html。
`SSL_OP_CISCO_ANYCONNECT`	指示 OpenSSL 使用思科的 "speshul" 版本的 DTLSBADVER。
`SSL_OP_COOKIE_EXCHANGE`	指示 OpenSSL 打开 cookie 交换。
`SSL_OP_CRYPTOPRO_TLSEXT_BUG`	指示 OpenSSL 从早期版本的 cryptopro 草案中添加 server-hello 扩展。
`SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`	指示 OpenSSL 禁用在 OpenSSL 0.9.6d 中添加的 SSL 3.0/TLS 1.0 漏洞解决方法。
`SSL_OP_EPHEMERAL_RSA`	指示 OpenSSL 在执行 RSA 操作时始终使用 tmp_rsa 密钥。
`SSL_OP_LEGACY_SERVER_CONNECT`	允许初始连接到不支持 RI 的服务器。
`SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER`
`SSL_OP_MICROSOFT_SESS_ID_BUG`
`SSL_OP_MSIE_SSLV2_RSA_PADDING`	指示 OpenSSL 禁用 SSL 2.0 服务器实现中的中间人协议版本漏洞的解决方法。
`SSL_OP_NETSCAPE_CA_DN_BUG`
`SSL_OP_NETSCAPE_CHALLENGE_BUG`
`SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG`
`SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG`
`SSL_OP_NO_COMPRESSION`	指示 OpenSSL 禁用对 SSL/TLS 压缩的支持。
`SSL_OP_NO_ENCRYPT_THEN_MAC`	指示 OpenSSL 禁用 encrypt-then-MAC。
`SSL_OP_NO_QUERY_MTU`
`SSL_OP_NO_RENEGOTIATION`	指示 OpenSSL 禁用重新协商。
`SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION`	指示 OpenSSL 在执行重新协商时始终启动新会话。
`SSL_OP_NO_SSLv2`	指示 OpenSSL 关闭 SSL v2
`SSL_OP_NO_SSLv3`	指示 OpenSSL 关闭 SSL v3
`SSL_OP_NO_TICKET`	指示 OpenSSL 禁用 RFC4507bis 票证的使用。
`SSL_OP_NO_TLSv1`	指示 OpenSSL 关闭 TLS v1
`SSL_OP_NO_TLSv1_1`	指示 OpenSSL 关闭 TLS v1.1
`SSL_OP_NO_TLSv1_2`	指示 OpenSSL 关闭 TLS v1.2
`SSL_OP_NO_TLSv1_3`	指示 OpenSSL 关闭 TLS v1.3
`SSL_OP_PKCS1_CHECK_1`
`SSL_OP_PKCS1_CHECK_2`
`SSL_OP_PRIORITIZE_CHACHA`	当客户端这样做时，指示 OpenSSL 服务器优先考虑 ChaCha20Poly1305。如果 `SSL_OP_CIPHER_SERVER_PREFERENCE` 未启用，则此选项无效。
`SSL_OP_SINGLE_DH_USE`	指示 OpenSSL 在使用临时/短暂 DH 参数时始终创建新密钥。
`SSL_OP_SINGLE_ECDH_USE`	指示 OpenSSL 在使用临时/短暂 ECDH 参数时始终创建新密钥。
`SSL_OP_SSLEAY_080_CLIENT_DH_BUG`
`SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG`
`SSL_OP_TLS_BLOCK_PADDING_BUG`
`SSL_OP_TLS_D5_BUG`
`SSL_OP_TLS_ROLLBACK_BUG`	指示 OpenSSL 禁用版本回滚攻击检测。

Constant	Description
`SSL_OP_ALL`	Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail.
`SSL_OP_ALLOW_NO_DHE_KEX`	Instructs OpenSSL to allow a non-[EC]DHE-based key exchange mode for TLS v1.3
`SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION`	Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.
`SSL_OP_CIPHER_SERVER_PREFERENCE`	Attempts to use the server's preferences instead of the client's when selecting a cipher. Behavior depends on protocol version. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.
`SSL_OP_CISCO_ANYCONNECT`	Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER.
`SSL_OP_COOKIE_EXCHANGE`	Instructs OpenSSL to turn on cookie exchange.
`SSL_OP_CRYPTOPRO_TLSEXT_BUG`	Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft.
`SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`	Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d.
`SSL_OP_EPHEMERAL_RSA`	Instructs OpenSSL to always use the tmp_rsa key when performing RSA operations.
`SSL_OP_LEGACY_SERVER_CONNECT`	Allows initial connection to servers that do not support RI.
`SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER`
`SSL_OP_MICROSOFT_SESS_ID_BUG`
`SSL_OP_MSIE_SSLV2_RSA_PADDING`	Instructs OpenSSL to disable the workaround for a man-in-the-middle protocol-version vulnerability in the SSL 2.0 server implementation.
`SSL_OP_NETSCAPE_CA_DN_BUG`
`SSL_OP_NETSCAPE_CHALLENGE_BUG`
`SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG`
`SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG`
`SSL_OP_NO_COMPRESSION`	Instructs OpenSSL to disable support for SSL/TLS compression.
`SSL_OP_NO_ENCRYPT_THEN_MAC`	Instructs OpenSSL to disable encrypt-then-MAC.
`SSL_OP_NO_QUERY_MTU`
`SSL_OP_NO_RENEGOTIATION`	Instructs OpenSSL to disable renegotiation.
`SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION`	Instructs OpenSSL to always start a new session when performing renegotiation.
`SSL_OP_NO_SSLv2`	Instructs OpenSSL to turn off SSL v2
`SSL_OP_NO_SSLv3`	Instructs OpenSSL to turn off SSL v3
`SSL_OP_NO_TICKET`	Instructs OpenSSL to disable use of RFC4507bis tickets.
`SSL_OP_NO_TLSv1`	Instructs OpenSSL to turn off TLS v1
`SSL_OP_NO_TLSv1_1`	Instructs OpenSSL to turn off TLS v1.1
`SSL_OP_NO_TLSv1_2`	Instructs OpenSSL to turn off TLS v1.2
`SSL_OP_NO_TLSv1_3`	Instructs OpenSSL to turn off TLS v1.3
`SSL_OP_PKCS1_CHECK_1`
`SSL_OP_PKCS1_CHECK_2`
`SSL_OP_PRIORITIZE_CHACHA`	Instructs OpenSSL server to prioritize ChaCha20Poly1305 when client does. This option has no effect if `SSL_OP_CIPHER_SERVER_PREFERENCE` is not enabled.
`SSL_OP_SINGLE_DH_USE`	Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters.
`SSL_OP_SINGLE_ECDH_USE`	Instructs OpenSSL to always create a new key when using temporary/ephemeral ECDH parameters.
`SSL_OP_SSLEAY_080_CLIENT_DH_BUG`
`SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG`
`SSL_OP_TLS_BLOCK_PADDING_BUG`
`SSL_OP_TLS_D5_BUG`
`SSL_OP_TLS_ROLLBACK_BUG`	Instructs OpenSSL to disable version rollback attack detection.