GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/openssl/doc/designs/quic-design/quic-api-ssl-funcs.md
³⁴⁸⁷⁶ views

Behaviour of SSL functions on QUIC SSL objects

This document is a companion to the QUIC API Overview which lists all SSL functions and controls and notes their behaviour with QUIC SSL objects.

The Category column is as follows:

Global: These API items do not relate to SSL objects. They may be stateless or may relate only to global state.
Can also be used for APIs implemented only in terms of other public libssl APIs.
Object: Object management APIs. Some of these may require QUIC-specific implementation.
HL: Handshake layer API.
These calls should generally be dispatched to the handshake layer, unless they are not applicable to QUIC. Modifications inside the handshake layer for the QUIC case may or may not be required.
CSSM: Connection/Stream State Machine. API related to lifecycle of a connection or stream. Needs QUIC-specific implementation.
ADP: App Data Path. Application-side data path API. QUIC-specific implementation.
NDP: Net Data Path. Network-side data path control API. Also includes I/O ticking and timeout handling.
RL: Record layer related API. If these API items only relate to the TLS record layer, they must be disabled for QUIC; if they are also relevant to the QUIC record layer, they will require QUIC-specific implementation.
Async: Relates to the async functionality.
0-RTT: Relates to early data/0-RTT functionality.
Special: Other calls which defy classification.

The Semantics column is as follows:

🟩U: Unchanged. The semantics of the API are not changed for QUIC.
🟧C: Changed. The semantics of the API are changed for QUIC.
🟦N: New. The API is new for QUIC.
🟥TBD: Yet to be determined if semantic changes will be required.

The Applicability column is as follows:

🟦U: Unrelated. Not applicable to QUIC — fully unrelated (e.g. functions for other SSL methods).
🟥FC: Not applicable to QUIC (or not currently supported) — fail closed.
🟧NO: Not applicable to QUIC (nor not currently supported) — no-op.
🟩A: Applicable.

The Implementation Requirements column is as follows:

🟩NC: No changes are expected to be needed (where marked *, dispatch to handshake layer).
Note: Where this value is used with an applicability of FC or NO, this means that the desired behaviour is already an emergent consequence of the existing code.
🟨C: Modifications are expected to be needed (where marked *, dispatch to handshake layer with changes inside the handshake layer).
🟧QSI: QUIC specific implementation.
🟥QSA: QUIC specific API.

The Status column is as follows:

🔴Pending Triage: Have not determined the classification of this API item yet.
🟠Design TBD: It has not yet been determined how this API item will work for QUIC.
🟡TODO: It has been determined how this API item should work for QUIC but it has not yet been implemented.
🟢Done: No further work is anticipated to be needed for this API item.

Notes:

†1: Must restrict which ciphers can be used with QUIC; otherwise, no changes.
†2: ALPN usage must be mandated; otherwise, no changes.
†3: NPN usage should be forced off as it should never be used with QUIC; otherwise, no changes.
†4: Controls needing changes are listed separately.
†5: TLS compression and renegotiation must not be used with QUIC, but these features are already forbidden in TLS 1.3, which is a requirement for QUIC, thus no changes should be needed.
†6: Callback specified is called for handshake layer messages (TLSv1.3).
†7: Tickets are issued using NEW_TOKEN frames in QUIC and this will require handshake layer changes. However these APIs as such do not require changes.
†8: Use of post-handshake authentication is prohibited by QUIC.
†9: QUIC always uses AES-128-GCM initially. We need to determine when and what ciphers we report as being in use.
†10: Not supporting async for now.
†11: Since these functions only configure cipher suite lists used for TLSv1.2, which is never used for QUIC, they do not require changes, and we can allow applications to configure these lists freely, as they will be ignored.

API Item	Cat.	Sema.	Appl.	Impl. Req.	Status
⇒ Global Information and Functions
`OSSL_default_cipher_list`	Global	🟩U	🟦U	🟩NC	🟢Done
`OSSL_default_ciphersuites`	Global	🟩U	🟦U	🟩NC	🟢Done
`ERR_load_SSL_strings`	Global	🟩U	🟦U	🟩NC	🟢Done
`OPENSSL_init_ssl`	Global	🟩U	🟦U	🟩NC	🟢Done
`OPENSSL_cipher_name`	Global	🟩U	🟦U	🟩NC	🟢Done
`SSL_alert_desc_string`	Global	🟩U	🟦U	🟩NC	🟢Done
`SSL_alert_desc_string_long`	Global	🟩U	🟦U	🟩NC	🟢Done
`SSL_alert_type_string`	Global	🟩U	🟦U	🟩NC	🟢Done
`SSL_alert_type_string_long`	Global	🟩U	🟦U	🟩NC	🟢Done
`SSL_extension_supported`	Global	🟩U	🟦U	🟩NC	🟢Done
`SSL_add_ssl_module`	Global	🟩U	🟦U	🟩NC	🟢Done
`SSL_test_functions`	Global	🟩U	🟦U	🟩NC	🟢Done
`SSL_select_next_proto`	Global	🟩U	🟦U	🟩NC	🟢Done
⇒ Methods
`SSLv3_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`SSLv3_client_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`SSLv3_server_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLS_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLS_client_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLS_server_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLSv1_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLSv1_client_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLSv1_server_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLSv1_1_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLSv1_1_client_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLSv1_1_server_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLSv1_2_client_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLSv1_2_server_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`TLSv1_2_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`DTLS_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`DTLS_client_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`DTLS_server_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`DTLSv1_client_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`DTLSv1_server_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`DTLSv1_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`DTLSv1_2_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`DTLSv1_2_client_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`DTLSv1_2_server_method`	Global	🟩U	🟦U	🟩NC	🟢Done
`OSSL_QUIC_client_method`	Global	🟩U	🟦U	🟥QSA	🟢Done
`OSSL_QUIC_client_thread_method`	Global	🟩U	🟦U	🟥QSA	🟢Done
`OSSL_QUIC_server_method`	Global	🟩U	🟦U	🟥QSA	🟠Design TBD
⇒ Instantiation
`BIO_f_ssl`	Object	🟩U	🟩A	🟩NC	🟢Done
`BIO_new_ssl`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_CTX_new`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_CTX_new_ex`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_CTX_up_ref`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_CTX_free`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_new`	Object	🟩U	🟩A	🟧QSI	🟢Done
`SSL_dup`	Object	🟩U	🟩A	🟥FC	🟢Done
`SSL_up_ref`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_free`	Object	🟩U	🟩A	🟧QSI	🟢Done
`SSL_is_dtls`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_CTX_get_ex_data`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_CTX_set_ex_data`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_get_ex_data`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_set_ex_data`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_get_SSL_CTX`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_set_SSL_CTX`	Object	🟩U	🟩A	🟩NC	🟢Done
⇒ Method Manipulation
`SSL_CTX_get_ssl_method`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_get_ssl_method`	Object	🟩U	🟩A	🟩NC	🟢Done
`SSL_set_ssl_method`	Object	🟩U	🟥FC	🟧QSI	🟢Done
⇒ SRTP
`SSL_get_selected_srtp_profile`	HL	🟩U	🟧NO	🟨C*	🟢Done
`SSL_get_srtp_profiles`	HL	🟩U	🟧NO	🟨C*	🟢Done
`SSL_CTX_set_tlsext_use_srtp`	HL	🟩U	🟥FC	🟨C*	🟢Done
`SSL_set_tlsext_use_srtp`	HL	🟩U	🟥FC	🟩NC*	🟢Done
⇒ Ciphersuite Configuration
`SSL_CTX_set_cipher_list`	HL	🟩U	🟩A	🟩NC* †11	🟢Done
`SSL_CTX_set_ciphersuites`	HL	🟩U	🟩A	🟨C* †1	🟢Done
`SSL_CTX_get_ciphers`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_ciphersuites`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get1_supported_ciphers`	HL	🟩U	🟩A	🟨C* †1	🟢Done
`SSL_bytes_to_cipher_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_ciphers`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_cipher_list`	HL	🟩U	🟩A	🟩NC* †11	🟢Done
`SSL_set_cipher_list`	HL	🟩U	🟩A	🟩NC* †11	🟢Done
⇒ Negotiated Ciphersuite Queries
`SSL_get_current_cipher`	HL	🟩U	🟩A	🟩NC* †9	🟢Done
`SSL_get_pending_cipher`	HL	🟩U	🟩A	🟩NC* †9	🟢Done
`SSL_get_shared_ciphers`	HL	🟩U	🟩A	🟩NC* †9	🟢Done
`SSL_get_client_ciphers`	HL	🟩U	🟩A	🟩NC* †9	🟢Done
`SSL_get_current_compression`	HL	🟩U	🟩A	🟩HLNC	🟢Done
`SSL_get_current_expansion`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_shared_sigalgs`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_sigalgs`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_peer_signature_nid`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_peer_signature_type_nid`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_signature_nid`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_signature_type_nid`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ ALPN	†2
`SSL_SESSION_set1_alpn_selected`	HL	🟩U	🟩A	🟨C* †2	🟢Done
`SSL_SESSION_get0_alpn_selected`	HL	🟩U	🟩A	🟨C* †2	🟢Done
`SSL_CTX_set_alpn_select_cb`	HL	🟩U	🟩A	🟨C* †2	🟢Done
`SSL_set_alpn_protos`	HL	🟩U	🟩A	🟨C* †2	🟢Done
`SSL_get0_alpn_selected`	HL	🟩U	🟩A	🟨C* †2	🟢Done
`SSL_CTX_set_alpn_protos`	HL	🟩U	🟩A	🟨C* †2	🟢Done
⇒ NPN	†3
`SSL_CTX_set_next_proto_select_cb`	HL	🟩U	🟥FC	🟨C* †3	🟢Done
`SSL_CTX_set_next_protos_advertised_cb`	HL	🟩U	🟥FC	🟨C* †3	🟢Done
`SSL_get0_next_proto_negotiated`	HL	🟩U	🟥FC	🟩NC* †3	🟢Done
⇒ Narrow Waist Interface	†4
`SSL_CTX_ctrl`	Object	🟩U	🟩A	🟩NC* †4	🟢Done
`SSL_ctrl`	Object	🟩U	🟩A	🟩NC* †4	🟢Done
`SSL_CTX_callback_ctrl`	Object	🟩U	🟩A	🟩NC* †4	🟢Done
`SSL_callback_ctrl`	Object	🟩U	🟩A	🟩NC* †4	🟢Done
⇒ Miscellaneous Accessors
`SSL_get_server_random`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_client_random`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_finished`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_peer_finished`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Ciphersuite Information
`SSL_CIPHER_description`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_find`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_get_auth_nid`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_get_bits`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_get_cipher_nid`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_get_digest_nid`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_get_handshake_digest`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_get_id`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_get_kx_nid`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_get_name`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_get_protocol_id`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_get_version`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_is_aead`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CIPHER_standard_name`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_group_to_name`	Global	🟩U	🟦U	🟩NC*	🟢Done
⇒ Version Queries
`SSL_get_version`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_version`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_client_version`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Certificate Chain Management
`SSL_get_certificate`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_use_certificate`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_certificate_chain_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_use_certificate_chain_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_use_certificate_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_load_verify_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_load_verify_dir`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_load_verify_store`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_load_verify_locations`	HL	🟩U	🟩A	🟩NC*	🟢Done
`CertSSL_use_cert_and_key`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_use_certificate_ASN1`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_use_PrivateKey`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_use_PrivateKey_ASN1`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_use_PrivateKey_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_use_RSAPrivateKey`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_use_RSAPrivateKey_ASN1`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_use_RSAPrivateKey_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_default_verify_dir`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_default_verify_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_default_verify_paths`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_default_verify_store`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_cert_and_key`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_certificate`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_certificate_ASN1`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_certificate_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_PrivateKey`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_PrivateKey_ASN1`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_PrivateKey_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_RSAPrivateKey`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_RSAPrivateKey_ASN1`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_RSAPrivateKey_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_check_chain`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_check_private_key`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_check_private_key`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_add_client_CA`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_add1_to_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_add_dir_cert_subjects_to_stack`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_add_file_cert_subjects_to_stack`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_add_store_cert_subjects_to_stack`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_load_client_CA_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_load_client_CA_file_ex`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_dup_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set0_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_client_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_add_client_CA`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get0_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get0_certificate`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get0_privatekey`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_cert_store`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set1_cert_store`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_client_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_add1_to_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set0_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_client_cert_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_default_passwd_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_default_passwd_cb_userdata`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_client_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_privatekey`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Certificate Compression
`SSL_CTX_set1_cert_comp_preference`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set1_cert_comp_preference`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_compress_certs`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_compress_certs`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set1_compressed_cert`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set1_compressed_cert`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get1_compressed_cert`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get1_compressed_cert`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Certificate Verification
`SSL_set1_host`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_add1_host`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_hostflags`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_verify`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_verify`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_verify_depth`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_verify_result`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_verify_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_verify_depth`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_verify_mode`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_verify_result`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_peer_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_peer_certificate`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_verified_chain`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get1_peer_certificate`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_peer_cert_chain`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_peer_certificate`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_certs_clear`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get0_param`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_param`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_verify_mode`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_verify_depth`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_verify_depth`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_peername`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set1_param`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set1_param`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get0_param`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_param`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_purpose`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_purpose`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_trust`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_trust`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ PSK
`SSL_use_psk_identity_hint`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_psk_identity_hint`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_psk_client_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_psk_find_session_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_psk_server_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_psk_use_session_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_psk_identity`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_psk_identity_hint`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ SRP
`SSL_SRP_CTX_init`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_SRP_CTX_init`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_SRP_CTX_free`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SRP_CTX_free`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_srp_client_pwd_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_srp_password`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_srp_g`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_srp_cb_arg`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_srp_N`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_srp_username_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_srp_username`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_srp_server_param`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_srp_userinfo`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_srp_server_param_with_username`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_srp_strength`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_srp_verify_param_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_srp_server_param_pw`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_srp_username`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SRP_Calc_A_param`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ DANE
`SSL_CTX_dane_enable`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_dane_tlsa`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_dane_set_flags`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_dane_set_flags`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_dane_clear_flags`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_dane_clear_flags`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_dane`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_dane_enable`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_dane_authority`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_dane_mtype_set`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_dane_tlsa_add`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Certificate Transparency
`SSL_CTX_enable_ct`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_ct_is_enabled`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_ctlog_list_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_default_ctlog_list_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_ct_validation_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set0_ctlog_store`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get0_ctlog_store`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_enable_ct`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_ct_is_enabled`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_peer_scts`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_ct_validation_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Compression
`SSL_COMP_add_compression_method`	HL	🟩U	🟩A	🟩NC* †5	🟢Done
`SSL_COMP_get0_name`	HL	🟩U	🟩A	🟩NC* †5	🟢Done
`SSL_COMP_get_compression_methods`	HL	🟩U	🟩A	🟩NC* †5	🟢Done
`SSL_COMP_get_id`	HL	🟩U	🟩A	🟩NC* †5	🟢Done
`SSL_COMP_get_name`	HL	🟩U	🟩A	🟩NC* †5	🟢Done
`SSL_COMP_set0_compression_methods`	HL	🟩U	🟩A	🟩NC* †5	🟢Done
⇒ Exporters
`SSL_export_keying_material`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_export_keying_material_early`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Renegotiation
`SSL_renegotiate`	HL	🟩U	🟥FC	🟩NC* †5	🟢Done
`SSL_renegotiate_abbreviated`	HL	🟩U	🟥FC	🟩NC* †5	🟢Done
`SSL_renegotiate_pending`	HL	🟩U	🟧NO	🟩NC* †5	🟢Done
⇒ Options
`SSL_CTX_clear_options`	HL	🟩U	🟩A	🟨C*	🟢Done
`SSL_CTX_set_options`	HL	🟩U	🟩A	🟨C*	🟢Done
`SSL_CTX_get_options`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_clear_options`	HL	🟩U	🟩A	🟨C*	🟢Done
`SSL_set_options`	HL	🟩U	🟩A	🟨C*	🟢Done
`SSL_get_options`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Configuration
`SSL_CONF_CTX_new`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CONF_CTX_free`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CONF_CTX_set_ssl`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CONF_CTX_set_ssl_ctx`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CONF_CTX_set1_prefix`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CONF_CTX_set_flags`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CONF_CTX_clear_flags`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CONF_CTX_finish`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CONF_cmd`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CONF_cmd_argv`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CONF_cmd_value_type`	Global	🟩U	🟩A	🟩NC*	🟢Done
`SSL_config`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_config`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Callbacks
`SSL_CTX_set_cert_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_cert_store`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_cert_verify_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_client_CA_list`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_client_cert_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_client_cert_engine`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_client_hello_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_cookie_generate_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_cookie_verify_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_default_passwd_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_default_passwd_cb_userdata`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_default_read_buffer_len`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_info_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_info_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_info_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_info_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_msg_callback`	HL	🟩U	🟩A	🟩NC* †6	🟢Done
`SSL_set_cert_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_default_passwd_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_default_passwd_cb_userdata`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_default_passwd_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_default_passwd_cb_userdata`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_keylog_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_keylog_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_psk_client_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_psk_find_session_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_psk_server_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_psk_use_session_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_verify_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_not_resumable_session_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_not_resumable_session_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_session_secret_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Session Management
`d2i_SSL_SESSION`	HL	🟩U	🟩A	🟩NC*	🟢Done
`i2d_SSL_SESSION`	HL	🟩U	🟩A	🟩NC*	🟢Done
`PEM_read_bio_SSL_SESSION`	HL	🟩U	🟩A	🟩NC*	🟢Done
`PEM_read_SSL_SESSION`	HL	🟩U	🟩A	🟩NC*	🟢Done
`PEM_write_bio_SSL_SESSION`	HL	🟩U	🟩A	🟩NC*	🟢Done
`PEM_write_SSL_SESSION`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_new`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_up_ref`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_dup`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_free`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_print`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_print_fp`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_print_keylog`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get0_cipher`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_set_cipher`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get0_hostname`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_set1_hostname`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get0_id_context`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_set1_id_context`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get0_peer`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get0_ticket`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get0_ticket_appdata`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_set1_ticket_appdata`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_has_ticket`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_protocol_version`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_set_protocol_version`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_compress_id`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_id`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_set1_id`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_time`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_set_time`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_timeout`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_set_timeout`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_ex_data`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_set_ex_data`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get0_hostname`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_set1_hostname`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_master_key`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_master_key`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_is_resumable`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_max_early_data`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_max_early_data`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_max_fragment_length`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_SESSION_get_ticket_lifetime_hint`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_add_session`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_remove_session`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get1_session`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_session`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_session`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_sess_get_get_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_sess_set_get_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_sess_get_new_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_sess_set_new_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_sess_get_remove_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_sess_set_remove_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_session_id_context`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_session_id_context`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_generate_session_id`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_generate_session_id`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_has_matching_session_id`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_flush_sessions`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_session_reused`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_timeout`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_timeout`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_default_timeout`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_sessions`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Session Ticket Management
`SSL_get_num_tickets`	HL	🟩U	🟩A	🟩NC* †7	🟢Done
`SSL_set_num_tickets`	HL	🟩U	🟩A	🟩NC* †7	🟢Done
`SSL_CTX_get_num_tickets`	HL	🟩U	🟩A	🟩NC* †7	🟢Done
`SSL_CTX_set_num_tickets`	HL	🟩U	🟩A	🟩NC* †7	🟢Done
`SSL_new_session_ticket`	HL	🟩U	🟩A	🟩NC* †7	🟢Done
`SSL_set_session_ticket_ext`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_session_ticket_ext_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_tlsext_ticket_key_evp_cb`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Security Levels
`SSL_CTX_get_security_level`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_security_level`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_security_level`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_security_level`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get_security_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_security_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_security_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_security_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_get0_security_ex_data`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set0_security_ex_data`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get0_security_ex_data`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set0_security_ex_data`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Custom Extensions
`SSL_CTX_add_custom_ext`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_add_client_custom_ext`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_add_server_custom_ext`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_has_client_custom_ext`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Early ClientHello Processing
`SSL_client_hello_get_extension_order`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_client_hello_get0_ciphers`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_client_hello_get0_compression_methods`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_client_hello_get0_ext`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_client_hello_get0_legacy_version`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_client_hello_get0_random`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_client_hello_get0_session_id`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_client_hello_get1_extensions_present`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_client_hello_isv2`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ SNI
`SSL_get_servername`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_servername_type`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Server Info
`SSL_CTX_use_serverinfo`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_serverinfo_ex`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_use_serverinfo_file`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Post-Handshake Authentication
`SSL_verify_client_post_handshake`	HL	🟩U	🟥FC	🟨C* †8	🟢Done
`SSL_CTX_set_post_handshake_auth`	HL	🟩U	🟥FC	🟨C* †8	🟢Done
`SSL_set_post_handshake_auth`	HL	🟩U	🟥FC	🟨C* †8	🟢Done
⇒ DH Parameters
`SSL_CTX_set_dh_auto`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_dh_auto`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set0_tmp_dh_pkey`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set0_tmp_dh_pkey`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_tmp_dh_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_tmp_dh_callback`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTX_set_tmp_dh`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_tmp_dh`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ State Queries
`SSL_in_init`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_in_before`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_is_init_finished`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_get_state`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_rstate_string`	HL	🟩U	🟩A	🟧QSI	🟢Done
`SSL_rstate_string_long`	HL	🟩U	🟩A	🟧QSI	🟢Done
`SSL_state_string`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_state_string_long`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Data Path and CSSM
`SSL_set_connect_state`	CSSM	🟩U	🟩A	🟧QSI	🟢Done
`SSL_set_accept_state`	CSSM	🟩U	🟩A	🟧QSI	🟢Done
`SSL_is_server`	CSSM	🟩U	🟩A	🟩NC*	🟢Done
`SSL_peek`	ADP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_peek_ex`	ADP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_read`	ADP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_read_ex`	ADP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_write`	ADP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_write_ex`	ADP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_sendfile`	ADP	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_pending`	ADP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_has_pending`	ADP	🟧C	🟩A	🟧QSI	🟢Done
`SSL_accept`	CSSM	🟩U	🟩A	🟧QSI	🟢Done
`SSL_connect`	CSSM	🟩U	🟩A	🟧QSI	🟢Done
`SSL_do_handshake`	CSSM	🟩U	🟩A	🟧QSI	🟢Done
`SSL_set0_wbio`	NDP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_set0_rbio`	NDP	🟧C	🟩A	🟧QSI	🟢Done
`SSL_set_bio`	NDP	🟧C	🟩A	🟧QSI	🟢Done
`SSL_get_wbio`	NDP	🟧C	🟩A	🟧QSI	🟢Done
`SSL_get_rbio`	NDP	🟧C	🟩A	🟧QSI	🟢Done
`SSL_get_error`	NDP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_get_rfd`	NDP	🟩U	🟩A	🟩NC	🟢Done
`SSL_get_wfd`	NDP	🟩U	🟩A	🟩NC	🟢Done
`SSL_get_fd`	NDP	🟩U	🟩A	🟩NC	🟢Done
`SSL_set_rfd`	NDP	🟧C	🟩A	🟧QSI	🟢Done
`SSL_set_wfd`	NDP	🟧C	🟩A	🟧QSI	🟢Done
`SSL_set_fd`	NDP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_key_update`	RL	🟩U	🟩A	🟧QSI	🟢Done
`SSL_get_key_update_type`	RL	🟩U	🟩A	🟧QSI	🟢Done
`SSL_clear` (connection)	CSSM	🟩U	🟥FC	🟧QSI	🟢Done
`SSL_clear` (stream)	CSSM	🟩U	🟥FC	🟧QSI	🟢Done
`SSL_shutdown`	CSSM	🟧C	🟩A	🟧QSI	🟢Done
`SSL_want`	ADP	🟧C	🟩A	🟧QSI	🟢Done
`BIO_new_ssl_connect`	Global	🟩U	🟩A	🟧QSI	🟢Done
`BIO_new_buffer_ssl_connect`	Global	🟩U	🟦U	🟧QSI	🟢Done
`SSL_get_shutdown`	CSSM	🟩U	🟩A	🟧QSI	🟢Done
`SSL_set_shutdown`	CSSM	🟩U	🟩A	🟧QSI	🟢Done
⇒ New APIs
`SSL_is_tls`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_is_quic`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_handle_events`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_event_timeout`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_blocking_mode`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_set_blocking_mode`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_rpoll_descriptor`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_wpoll_descriptor`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_net_read_desired`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_net_write_desired`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_set1_initial_peer_addr`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_shutdown_ex`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_stream_conclude`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_stream_reset`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_stream_read_state`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_stream_write_state`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_stream_read_error_code`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_stream_write_error_code`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_conn_close_info`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_inject_net_dgram`	NDP	🟦N	🟩A	🟥QSA	🟢Done
⇒ New APIs for Multi-Stream
`SSL_get0_connection`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_is_connection`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_stream_id`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_stream_type`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_is_stream_local`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_new_stream`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_accept_stream`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_get_accept_stream_queue_len`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_set_default_stream_mode`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
`SSL_set_incoming_stream_policy`	CSSM	🟦N	🟩A	🟥QSA	🟢Done
⇒ Currently Not Supported
`SSL_copy_session_id`	Special	🟩U	🟥FC	🟨C*	🟢Done
`BIO_ssl_copy_session_id`	Special	🟩U	🟥FC	🟨C*	🟢Done
`SSL_CTX_set_quiet_shutdown`	CSSM	🟩U	🟦U	🟩NC	🟢Done
`SSL_CTX_get_quiet_shutdown`	CSSM	🟩U	🟦U	🟩NC	🟢Done
`SSL_set_quiet_shutdown`	CSSM	🟩U	🟥FC	🟨C	🟢Done
`SSL_get_quiet_shutdown`	CSSM	🟩U	🟧NO	🟨C	🟢Done
`SSL_CTX_set_ssl_version`	HL	🟩U	🟥FC	🟨C	🟢Done
⇒ Async
`SSL_CTX_set_async_callback`	Async	🟩U	🟧NO	🟩NC* †10	🟢Done
`SSL_set_async_callback`	Async	🟩U	🟧NO	🟩NC* †10	🟢Done
`SSL_CTX_set_async_callback_arg`	Async	🟩U	🟧NO	🟩NC* †10	🟢Done
`SSL_set_async_callback_arg`	Async	🟩U	🟧NO	🟩NC* †10	🟢Done
`SSL_waiting_for_async`	Async	🟩U	🟧NO	🟩NC* †10	🟢Done
`SSL_get_async_status`	Async	🟩U	🟧NO	🟩NC* †10	🟢Done
`SSL_get_all_async_fds`	Async	🟩U	🟧NO	🟩NC* †10	🟢Done
`SSL_get_changed_async_fds`	Async	🟩U	🟧NO	🟩NC* †10	🟢Done
⇒ Readahead
`SSL_CTX_get_default_read_ahead`	RL	🟩U	🟧NO	🟩NC*	🟢Done
`SSL_CTX_get_read_ahead`	RL	🟩U	🟧NO	🟩NC*	🟢Done
`SSL_CTX_set_read_ahead`	RL	🟩U	🟧NO	🟨C*	🟢Done
`SSL_get_read_ahead`	RL	🟩U	🟧NO	🟨C*	🟢Done
`SSL_set_read_ahead`	RL	🟩U	🟧NO	🟨C*	🟢Done
`SSL_CTX_set_default_read_buffer_len`	RL	🟩U	🟧NO	🟩NC*	🟢Done
`SSL_set_default_read_buffer_len`	RL	🟩U	🟧NO	🟨C*	🟢Done
⇒ Record Padding and Fragmentation
`SSL_CTX_set_record_padding_callback`	RL	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_set_record_padding_callback`	RL	🟩U	🟥FC	🟨C*	🟢Done
`SSL_CTX_get_record_padding_callback_arg`	RL	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_CTX_set_record_padding_callback_arg`	RL	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_get_record_padding_callback_arg`	RL	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_set_record_padding_callback_arg`	RL	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_CTX_set_block_padding`	RL	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_set_block_padding`	RL	🟩U	🟥FC	🟨C*	🟢Done
`SSL_CTX_set_tlsext_max_fragment_length`	RL	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_set_tlsext_max_fragment_length`	RL	🟩U	🟥FC	🟨C*	🟢Done
⇒ Stateless/HelloRetryRequest
`SSL_stateless`	RL	🟩U	🟥FC	🟨C*	🟢Done
`SSL_CTX_set_stateless_cookie_generate_cb`	RL	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_CTX_set_stateless_cookie_verify_cb`	RL	🟩U	🟥FC	🟩NC*	🟢Done
⇒ Early Data/0-RTT
`SSL_CTX_set_allow_early_data_cb`	0-RTT	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_set_allow_early_data_cb`	0-RTT	🟩U	🟥FC	🟨C*	🟢Done
`SSL_CTX_get_recv_max_early_data`	0-RTT	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_CTX_set_recv_max_early_data`	0-RTT	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_get_recv_max_early_data`	0-RTT	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_set_recv_max_early_data`	0-RTT	🟩U	🟥FC	🟨C*	🟢Done
`SSL_CTX_get_max_early_data`	0-RTT	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_CTX_set_max_early_data`	0-RTT	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_get_max_early_data`	0-RTT	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_set_max_early_data`	0-RTT	🟩U	🟥FC	🟨C*	🟢Done
`SSL_read_early_data`	0-RTT	🟩U	🟥FC	🟨C*	🟢Done
`SSL_write_early_data`	0-RTT	🟩U	🟥FC	🟨C*	🟢Done
`SSL_get_early_data_status`	0-RTT	🟩U	🟥FC	🟩NC*	🟢Done
⇒ Miscellaneous
`DTLSv1_listen`	RL	🟩U	🟦U	🟩NC	🟢Done
`DTLS_set_timer_cb`	NDP	🟩U	🟦U	🟩NC	🟢Done
`DTLS_get_data_mtu`	NDP	🟩U	🟦U	🟩NC	🟢Done
`SSL_get_ex_data_X509_STORE_CTX_idx`	Global	🟩U	🟦U	🟩NC	🟢Done
`BIO_ssl_shutdown`	Global	🟩U	🟩A	🟩NC	🟢Done
`SSL_alloc_buffers`	HL	🟩U	🟩A	🟨C*	🟢Done
`SSL_free_buffers`	HL	🟩U	🟩A	🟨C*	🟢Done
`SSL_trace`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_set_debug`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ Controls
`SSL_CTRL_MODE`	Special	🟩U	🟩A	🟧QSI	🟢Done
`SSL_CTRL_CLEAR_MODE`	Special	🟩U	🟩A	🟧QSI	🟢Done
`SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS`	HL	🟩U	🟧NO	🟩NC*	🟢Done
`SSL_CTRL_GET_NUM_RENEGOTIATIONS`	HL	🟩U	🟧NO	🟩NC*	🟢Done
`SSL_CTRL_GET_TOTAL_RENEGOTIATIONS`	HL	🟩U	🟧NO	🟩NC*	🟢Done
`SSL_CTRL_GET_RI_SUPPORT`	HL	🟩U	🟧NO	🟩NC*	🟢Done
`SSL_CTRL_GET_READ_AHEAD`	HL	🟩U	🟧NO	🟩NC*	🟢Done
`SSL_CTRL_SET_READ_AHEAD`	HL	🟩U	🟥FC	🟨C*	🟢Done
`SSL_CTRL_SET_MAX_PIPELINES`	RL	🟩U	🟥FC	🟨C*	🟢Done
`SSL_CTRL_SET_MAX_SEND_FRAGMENT`	RL	🟩U	🟥FC	🟨C*	🟢Done
`SSL_CTRL_SET_SPLIT_SEND_FRAGMENT`	RL	🟩U	🟥FC	🟨C*	🟢Done
`SSL_CTRL_SET_MTU`	RL	🟩U	🟥FC	🟩NC*	🟢Done
`SSL_CTRL_SET_MAX_PROTO_VERSION`	HL	🟩U	🟩A	🟨C*	🟢Done
`SSL_CTRL_SET_MIN_PROTO_VERSION`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_MAX_PROTO_VERSION`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_MIN_PROTO_VERSION`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_BUILD_CERT_CHAIN`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_CERT_FLAGS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_CHAIN`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_CHAIN_CERT`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_CLEAR_CERT_FLAGS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_EXTRA_CHAIN_CERT`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_CHAIN_CERTS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_CHAIN_CERT_STORE`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_CLIENT_CERT_REQUEST`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_CLIENT_CERT_TYPES`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_EC_POINT_FORMATS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_EXTMS_SUPPORT`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_EXTRA_CHAIN_CERTS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_FLAGS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_GROUPS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_IANA_GROUPS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_MAX_CERT_LIST`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_NEGOTIATED_GROUP`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_PEER_SIGNATURE_NID`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_PEER_TMP_KEY`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_RAW_CIPHERLIST`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_SESS_CACHE_MODE`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_SESS_CACHE_SIZE`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_SHARED_GROUP`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_SIGNATURE_NID`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_TLSEXT_TICKET_KEYS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_TMP_KEY`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_GET_VERIFY_CERT_STORE`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SELECT_CURRENT_CERT`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_ACCEPT`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_ACCEPT_GOOD`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_ACCEPT_RENEGOTIATE`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_CACHE_FULL`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_CB_HIT`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_CONNECT`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_CONNECT_GOOD`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_CONNECT_RENEGOTIATE`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_HIT`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_MISSES`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_NUMBER`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SESS_TIMEOUTS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_CHAIN_CERT_STORE`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_CLIENT_CERT_TYPES`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_CLIENT_SIGALGS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_CLIENT_SIGALGS_LIST`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_CURRENT_CERT`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_DH_AUTO`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_GROUPS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_GROUPS_LIST`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_MAX_CERT_LIST`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_MSG_CALLBACK`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_MSG_CALLBACK_ARG`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_RETRY_VERIFY`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_SESS_CACHE_MODE`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_SESS_CACHE_SIZE`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_SIGALGS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_SIGALGS_LIST`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_SRP_ARG`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_SRP_VERIFY_PARAM_CB`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_DEBUG_ARG`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_DEBUG_CB`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_HOSTNAME`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_SERVERNAME_CB`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLS_EXT_SRP_USERNAME`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TLSEXT_TICKET_KEYS`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TMP_DH`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TMP_DH_CB`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_TMP_ECDH`	HL	🟩U	🟩A	🟩NC*	🟢Done
`SSL_CTRL_SET_VERIFY_CERT_STORE`	HL	🟩U	🟩A	🟩NC*	🟢Done
⇒ SSL Modes
`SSL_MODE_ENABLE_PARTIAL_WRITE`	ADP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`	ADP	🟩U	🟩A	🟧QSI	🟢Done
`SSL_MODE_RELEASE_BUFFERS`	ADP	🟩U	🟧NO	🟩NC	🟢Done
`SSL_MODE_ASYNC`	ADP	🟩U	🟧NO	🟩NC	🟢Done
`SSL_MODE_AUTO_RETRY`	ADP	🟩U	🟧NO	🟩NC	🟢Done
`SSL_MODE_SEND_FALLBACK_SCSV`	HL	🟩U	🟩U	🟩NC	🟢Done

What should `SSL_get_current_cipher`, `SSL_get_pending_cipher`, etc. do?

QUIC always uses AES-128-GCM for Initial packets. At this time the handshake layer has not negotiated a ciphersuite so it has no “current” cipher. We could return AES-128-GCM here, but it seems reasonable to just return NULL as the encryption is mostly for protection against accidental modification and not “real” encryption. From the perspective of the Handshake layer encryption is not active yet. An application using QUIC can always interpret NULL as meaning AES-128-GCM is being used if needed as this is implied by using QUIC.

A. We return NULL here, because it allows applications to detect if a ciphersuite has been negotiated and NULL can be used to infer that Initial encryption is still being used. This also minimises the changes needed to the implementation.

What should `SSL_CTX_set_cipher_list` do?

Since this function configures the cipher list for TLSv1.2 and below only, there is no need to restrict it as TLSv1.3 is required for QUIC. For the sake of application compatibility, applications can still configure the TLSv1.2 cipher list; it will always be ignored. This function can still be used to set the SECLEVEL; no changes are needed to facilitate this.

What SSL options should be supported?

Options we explicitly want to support:

SSL_OP_CIPHER_SERVER_PREFERENCE
SSL_OP_DISABLE_TLSEXT_CA_NAMES
SSL_OP_NO_TX_CERTIFICATE_COMPRESSION
SSL_OP_NO_RX_CERTIFICATE_COMPRESSION
SSL_OP_PRIORITIZE_CHACHA
SSL_OP_NO_TICKET
SSL_OP_CLEANSE_PLAINTEXT

Options we do not yet support but could support in the future, currently no-ops:

SSL_OP_NO_QUERY_MTU
SSL_OP_NO_ANTI_REPLAY

The following options must be explicitly forbidden:

SSL_OP_NO_TLSv1_3 — TLSv1.3 is required for QUIC
SSL_OP_ENABLE_MIDDLEBOX_COMPAT — forbidden by QUIC RFCs
SSL_OP_ENABLE_KTLS — not currently supported for QUIC
SSL_OP_SAFARI_ECDHE_ECDSA_BUG
SSL_OP_TLSEXT_PADDING
SSL_OP_TLS_ROLLBACK_BUG
SSL_OP_IGNORE_UNEXPECTED_EOF
SSL_OP_ALLOW_NO_DHE_KEX

The following options are ignored for TLSv1.3 or otherwise not applicable and may therefore be settable but ignored. We take this approach on the grounds that it is harmless and applications might want to see that options have been correctly set for protocols unrelated to QUIC.

SSL_OP_CRYPTOPRO_TLSEXT_BUG
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
SSL_OP_ALLOW_CLIENT_RENEGOTIATION
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
SSL_OP_CISCO_ANYCONNECT
SSL_OP_COOKIE_EXCHANGE
SSL_OP_LEGACY_SERVER_CONNECT
SSL_OP_NO_COMPRESSION
SSL_OP_NO_ENCRYPT_THEN_MAC
SSL_OP_NO_EXTENDED_MASTER_SECRET
SSL_OP_NO_RENEGOTIATION
SSL_OP_NO_RESSION_RESUMPTION_ON_NEGOTIATION
SSL_OP_NO_SSLv3
SSL_OP_NO_TLSv1
SSL_OP_NO_TLSv1_1
SSL_OP_NO_TLSv1_2
SSL_OP_NO_DTLSv1
SSL_OP_NO_DTLSv1_2

What should `SSL_rstate_string` and `SSL_state_string` do?

SSL_state_string is highly handshake layer specific, so it makes sense to just forward to the handshake layer.

SSL_rstate_string is record layer specific. A cursory evaluation of usage via GitHub code search did not appear to identify much usage of this function other than for debug output; i.e., there seems to be little usage of this in a way that depends on the output for the purposes of control flow. Since there is not really any direct correspondence to the QUIC record layer, we conservatively define the output of this function as "unknown".

TODO: forbid NPN TODO: enforce TLSv1.3 TODO: forbid PHA - DONE TODO: forbid middlebox compat mode in a deeper way? TODO: new_session_ticket doesn't need modifying as such, but ticket machinery will

What should `SSL_pending` and `SSL_has_pending` do?

SSL_pending traditionally yields the number of bytes buffered inside an SSL object available for immediate reading. For QUIC, we can just make this report the current size of the receive stream buffer.

SSL_has_pending returns a boolean value indicating whether there is processed or unprocessed incoming data pending. There is no direct correspondence to QUIC, so there are various implementation options:

SSL_pending() > 0
SSL_pending() > 0 || pending URXEs or RXEs exist

The latter can probably be viewed as more of a direct correspondence to the design intent of the API, so we go with this.

What should `SSL_alloc_buffers` and `SSL_free_buffers` do?

These do not really correspond to our internal architecture for QUIC. Since internal buffers are always available, SSL_alloc_buffers can simply always return 1. SSL_free_buffers can always return 0, as though the buffers are in use, which they generally will be.

What should `SSL_key_update` and `SSL_get_key_update_type`?

SSL_key_update can trigger a TX record layer key update, which will cause the peer to respond with a key update in turn. The update occurs asynchronously at next transmission, not immediately.

SSL_get_key_update_type returns an enumerated value which is only relevant to the TLSv1.3 protocol; for QUIC, it will always return SSL_KEY_UPDATE_NONE.

What should `SSL_MODE_AUTO_RETRY` do?

The absence of SSL_MODE_AUTO_RETRY causes SSL_read/SSL_write on a normal TLS connection to potentially return due to internal handshake message processing. This does not really make sense for our QUIC implementation, therefore we always act as though SSL_MODE_AUTO_RETRY is on, and this mode is ignored.

What should `SSL_MODE_SEND_FALLBACK_SCSV` do?

This is not relevant to QUIC because this functionality relates to protocol version downgrade attack protection and QUIC only supports TLSv1.3. Thus, it is ignored.

What should `SSL_CTX_set_ssl_version` do?

This is a deprecated function, so it needn't be supported for QUIC. Fail closed.

What should `SSL_set_ssl_method` do?

We do not currently support this for QUIC.

What should `SSL_set_shutdown` do?

This is not supported and is a no-op for QUIC.

What should `SSL_dup` and `SSL_clear` do?

These may be tricky to support. Currently they are blocked.

Behaviour of SSL functions on QUIC SSL objects

What should `SSL_get_current_cipher`, `SSL_get_pending_cipher`, etc. do?

What should `SSL_CTX_set_cipher_list` do?

What SSL options should be supported?

What should `SSL_rstate_string` and `SSL_state_string` do?

What should `SSL_pending` and `SSL_has_pending` do?

What should `SSL_alloc_buffers` and `SSL_free_buffers` do?

What should `SSL_key_update` and `SSL_get_key_update_type`?

What should `SSL_MODE_AUTO_RETRY` do?

What should `SSL_MODE_SEND_FALLBACK_SCSV` do?

What should `SSL_CTX_set_ssl_version` do?

What should `SSL_set_ssl_method` do?

What should `SSL_set_shutdown` do?

What should `SSL_dup` and `SSL_clear` do?

Product

Resources

Company

Behaviour of SSL functions on QUIC SSL objects

Q&A For TLS-Related Calls

What should SSL_get_current_cipher, SSL_get_pending_cipher, etc. do?

What should SSL_CTX_set_cipher_list do?

What SSL options should be supported?

What should SSL_rstate_string and SSL_state_string do?

What should SSL_pending and SSL_has_pending do?

What should SSL_alloc_buffers and SSL_free_buffers do?

What should SSL_key_update and SSL_get_key_update_type?

What should SSL_MODE_AUTO_RETRY do?

What should SSL_MODE_SEND_FALLBACK_SCSV do?

What should SSL_CTX_set_ssl_version do?

What should SSL_set_ssl_method do?

What should SSL_set_shutdown do?

What should SSL_dup and SSL_clear do?

What should `SSL_get_current_cipher`, `SSL_get_pending_cipher`, etc. do?

What should `SSL_CTX_set_cipher_list` do?

What should `SSL_rstate_string` and `SSL_state_string` do?

What should `SSL_pending` and `SSL_has_pending` do?

What should `SSL_alloc_buffers` and `SSL_free_buffers` do?

What should `SSL_key_update` and `SSL_get_key_update_type`?

What should `SSL_MODE_AUTO_RETRY` do?

What should `SSL_MODE_SEND_FALLBACK_SCSV` do?

What should `SSL_CTX_set_ssl_version` do?

What should `SSL_set_ssl_method` do?

What should `SSL_set_shutdown` do?

What should `SSL_dup` and `SSL_clear` do?