Call this function to set SSL session options.

int SSL_SessionOpt(int sessionID, int option, int value,
                   int *error);



Parameters

sessionID
    Session ID for SSL session

option
    1: Client Authentication
    2: Server Proposals
    3: Skip Certificate Validation

value
    Option value
    0: disable option (default)
    1: enable option

error
    Output parameter:  Failure code, 0 on success.

Return Value

0: Success
-1: failed


By default, each of these options is disabled.

The Client Authentication option 1 is used to enable client authentication on an SSL server session. It takes effect only if the session is bound to an SSL server socket. In that case, upon receiving the ClientHello message, the SSL server sends back a CertificateRequest message along with its own Certificate, ServerHello and ServerHelloDone messages.

The Server Proposals option 2 is used to give the SSL server more control over which cipher suite is used. If this option is disabled (default) on an SSL server session, then upon receiving a ClientHello message the SSL server simply chooses the first supported cipher suite in the ordered list received from the client. The client therefore controls the cipher preference, and the server's proposal list is not used in this case.

When the Server Proposals option is enabled at the server, the server selects the first cipher suite from its own proposal list that matches a proposal in the ClientHello message. For example, suppose the Server Proposals option is enabled, the server's ordered cipher suite proposal list is 1,2,3,4, and the client's ordered cipher suite proposal list found in the ClientHello message is 4,3,2. The server will then select cipher suite 2, based on the server's preferences (and ignoring the client's preference).

Note that both the FTP server and WEB server operate with Server Proposals option 2 selected.
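
The two selection policies of the Server Proposals option described above, as an added C example that is not part of the @CHIP-RTOS library or its documentation. select_cipher_suite is a hypothetical helper, cipher suites are written as the small integers used in the example above, and the server is assumed to support exactly the suites in its own proposal list.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed sample lists: the values from the example above. */
const int SERVER_LIST[] = {1, 2, 3, 4};   /* server's ordered proposals */
const int CLIENT_LIST[] = {4, 3, 2};      /* order sent in ClientHello  */

/* Hypothetical helper (not a @CHIP-RTOS function).
 * server_proposals != 0: the server's list sets the preference order.
 * server_proposals == 0: the client's list sets the preference order.
 * Assumption: the server supports exactly the suites in its own list.
 * Returns the selected suite, or -1 if the lists share no suite. */
int select_cipher_suite(const int *server, size_t n_server,
                        const int *client, size_t n_client,
                        int server_proposals)
{
    const int *pref    = server_proposals ? server : client;
    size_t     n_pref  = server_proposals ? n_server : n_client;
    const int *other   = server_proposals ? client : server;
    size_t     n_other = server_proposals ? n_client : n_server;

    /* Walk the preferred list in order; the first suite that also
     * appears in the other list is selected. */
    for (size_t i = 0; i < n_pref; i++)
        for (size_t j = 0; j < n_other; j++)
            if (pref[i] == other[j])
                return pref[i];
    return -1;
}

int main(void)
{
    printf("Server Proposals enabled:  suite %d\n",
           select_cipher_suite(SERVER_LIST, 4, CLIENT_LIST, 3, 1));
    printf("Server Proposals disabled: suite %d\n",
           select_cipher_suite(SERVER_LIST, 4, CLIENT_LIST, 3, 0));
    return 0;
}
```

With the option disabled the result follows the client's order (suite 4 for these lists), so a server that needs its own ordering enforced has to enable option 2.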

The Skip Certificate Validation option 3 may be used to skip the attempt to trace a received certificate back to its root. When this session option is selected, a received certificate is accepted without this root verification, so the session has no assurance that the certificate was issued under a trusted root.

See Also


This library function invokes an RTOS software interrupt. Refer to this RTOS API function's documentation for more details.

Supported since or modified in @CHIP-RTOS version


Supported by @CHIP-RTOS C Library since version

