---
title: Security Options
framework: network
role: collectionGroup
path: network/security-options
---

# Security Options

Configure security options for TLS handshakes.

## Topics

### Configuring TLS Handshake Options

- [sec_protocol_options_t](security/sec_protocol_options_t.md)
- [OS_sec_protocol_options](security/os_sec_protocol_options.md)
- [sec_protocol_options_set_tls_server_name(_:_:)](security/sec_protocol_options_set_tls_server_name(_:_:).md)
- [sec_protocol_options_add_pre_shared_key(_:_:_:)](security/sec_protocol_options_add_pre_shared_key(_:_:_:).md)
- [sec_protocol_options_add_tls_application_protocol(_:_:)](security/sec_protocol_options_add_tls_application_protocol(_:_:).md)
- [sec_protocol_options_append_tls_ciphersuite(_:_:)](security/sec_protocol_options_append_tls_ciphersuite(_:_:).md)
- [sec_protocol_options_append_tls_ciphersuite_group(_:_:)](security/sec_protocol_options_append_tls_ciphersuite_group(_:_:).md)
- [sec_protocol_options_add_tls_ciphersuite(_:_:)](security/sec_protocol_options_add_tls_ciphersuite(_:_:).md)
- [sec_protocol_options_add_tls_ciphersuite_group(_:_:)](security/sec_protocol_options_add_tls_ciphersuite_group(_:_:).md)
- [sec_protocol_options_set_tls_diffie_hellman_parameters(_:_:)](security/sec_protocol_options_set_tls_diffie_hellman_parameters(_:_:).md)
- [sec_protocol_options_are_equal(_:_:)](security/sec_protocol_options_are_equal(_:_:).md)

### Configuring TLS Versions

- [sec_protocol_options_set_min_tls_protocol_version(_:_:)](security/sec_protocol_options_set_min_tls_protocol_version(_:_:).md)
- [sec_protocol_options_set_max_tls_protocol_version(_:_:)](security/sec_protocol_options_set_max_tls_protocol_version(_:_:).md)
- [sec_protocol_options_get_default_min_tls_protocol_version()](security/sec_protocol_options_get_default_min_tls_protocol_version().md)
- [sec_protocol_options_get_default_max_tls_protocol_version()](security/sec_protocol_options_get_default_max_tls_protocol_version().md)
- [sec_protocol_options_get_default_min_dtls_protocol_version()](security/sec_protocol_options_get_default_min_dtls_protocol_version().md)
- [sec_protocol_options_get_default_max_dtls_protocol_version()](security/sec_protocol_options_get_default_max_dtls_protocol_version().md)
- [sec_protocol_options_set_tls_min_version(_:_:)](security/sec_protocol_options_set_tls_min_version(_:_:).md)
- [sec_protocol_options_set_tls_max_version(_:_:)](security/sec_protocol_options_set_tls_max_version(_:_:).md)

### Configuring TLS Behavior

- [sec_protocol_options_set_tls_resumption_enabled(_:_:)](security/sec_protocol_options_set_tls_resumption_enabled(_:_:).md)
- [sec_protocol_options_set_tls_tickets_enabled(_:_:)](security/sec_protocol_options_set_tls_tickets_enabled(_:_:).md)
- [sec_protocol_options_set_tls_false_start_enabled(_:_:)](security/sec_protocol_options_set_tls_false_start_enabled(_:_:).md)
- [sec_protocol_options_set_tls_sct_enabled(_:_:)](security/sec_protocol_options_set_tls_sct_enabled(_:_:).md)
- [sec_protocol_options_set_tls_ocsp_enabled(_:_:)](security/sec_protocol_options_set_tls_ocsp_enabled(_:_:).md)
- [sec_protocol_options_set_tls_renegotiation_enabled(_:_:)](security/sec_protocol_options_set_tls_renegotiation_enabled(_:_:).md)
- [sec_protocol_options_set_peer_authentication_required(_:_:)](security/sec_protocol_options_set_peer_authentication_required(_:_:).md)
- [sec_protocol_options_set_tls_is_fallback_attempt(_:_:)](security/sec_protocol_options_set_tls_is_fallback_attempt(_:_:).md)
- [sec_protocol_options_set_tls_pre_shared_key_identity_hint(_:_:)](security/sec_protocol_options_set_tls_pre_shared_key_identity_hint(_:_:).md)

### Handling TLS Events

- [sec_protocol_options_set_verify_block(_:_:_:)](security/sec_protocol_options_set_verify_block(_:_:_:).md)
- [sec_protocol_verify_t](security/sec_protocol_verify_t.md)
- [sec_protocol_verify_complete_t](security/sec_protocol_verify_complete_t.md)
- [sec_protocol_options_set_challenge_block(_:_:_:)](security/sec_protocol_options_set_challenge_block(_:_:_:).md)
- [sec_protocol_challenge_t](security/sec_protocol_challenge_t.md)
- [sec_protocol_challenge_complete_t](security/sec_protocol_challenge_complete_t.md)
- [sec_protocol_options_set_key_update_block(_:_:_:)](security/sec_protocol_options_set_key_update_block(_:_:_:).md)
- [sec_protocol_key_update_t](security/sec_protocol_key_update_t.md)
- [sec_protocol_key_update_complete_t](security/sec_protocol_key_update_complete_t.md)
- [sec_protocol_options_set_pre_shared_key_selection_block(_:_:_:)](security/sec_protocol_options_set_pre_shared_key_selection_block(_:_:_:).md)
- [sec_protocol_pre_shared_key_selection_t](security/sec_protocol_pre_shared_key_selection_t.md)
- [sec_protocol_pre_shared_key_selection_complete_t](security/sec_protocol_pre_shared_key_selection_complete_t.md)

### Inspecting TLS State

- [sec_protocol_metadata_t](security/sec_protocol_metadata_t.md)
- [OS_sec_protocol_metadata](security/os_sec_protocol_metadata.md)
- [sec_protocol_metadata_get_negotiated_protocol(_:)](security/sec_protocol_metadata_get_negotiated_protocol(_:).md)
- [sec_protocol_metadata_get_server_name(_:)](security/sec_protocol_metadata_get_server_name(_:).md)
- [sec_protocol_metadata_get_negotiated_tls_protocol_version(_:)](security/sec_protocol_metadata_get_negotiated_tls_protocol_version(_:).md)
- [sec_protocol_metadata_get_negotiated_tls_ciphersuite(_:)](security/sec_protocol_metadata_get_negotiated_tls_ciphersuite(_:).md)
- [sec_protocol_metadata_get_negotiated_protocol_version(_:)](security/sec_protocol_metadata_get_negotiated_protocol_version(_:).md)
- [sec_protocol_metadata_get_negotiated_ciphersuite(_:)](security/sec_protocol_metadata_get_negotiated_ciphersuite(_:).md)
- [sec_protocol_metadata_get_early_data_accepted(_:)](security/sec_protocol_metadata_get_early_data_accepted(_:).md)
- [sec_protocol_metadata_copy_peer_public_key(_:)](security/sec_protocol_metadata_copy_peer_public_key(_:).md)

### Handling TLS Challenges

- [sec_protocol_metadata_access_distinguished_names(_:_:)](security/sec_protocol_metadata_access_distinguished_names(_:_:).md)
- [sec_protocol_metadata_access_ocsp_response(_:_:)](security/sec_protocol_metadata_access_ocsp_response(_:_:).md)
- [sec_protocol_metadata_access_peer_certificate_chain(_:_:)](security/sec_protocol_metadata_access_peer_certificate_chain(_:_:).md)
- [sec_protocol_metadata_access_supported_signature_algorithms(_:_:)](security/sec_protocol_metadata_access_supported_signature_algorithms(_:_:).md)
- [sec_protocol_metadata_access_pre_shared_keys(_:_:)](security/sec_protocol_metadata_access_pre_shared_keys(_:_:).md)
- [sec_protocol_metadata_create_secret(_:_:_:_:)](security/sec_protocol_metadata_create_secret(_:_:_:_:).md)
- [sec_protocol_metadata_create_secret_with_context(_:_:_:_:_:_:)](security/sec_protocol_metadata_create_secret_with_context(_:_:_:_:_:_:).md)
- [sec_protocol_metadata_peers_are_equal(_:_:)](security/sec_protocol_metadata_peers_are_equal(_:_:).md)
- [sec_protocol_metadata_challenge_parameters_are_equal(_:_:)](security/sec_protocol_metadata_challenge_parameters_are_equal(_:_:).md)

### Handling Certificates

- [sec_certificate_t](security/sec_certificate_t.md)
- [OS_sec_certificate](security/os_sec_certificate.md)
- [sec_certificate_create(_:)](security/sec_certificate_create(_:).md)
- [sec_certificate_copy_ref(_:)](security/sec_certificate_copy_ref(_:).md)

### Handling Identities

- [sec_protocol_options_set_local_identity(_:_:)](security/sec_protocol_options_set_local_identity(_:_:).md)
- [sec_identity_t](security/sec_identity_t.md)
- [OS_sec_identity](security/os_sec_identity.md)
- [sec_identity_create(_:)](security/sec_identity_create(_:).md)
- [sec_identity_create_with_certificates(_:_:)](security/sec_identity_create_with_certificates(_:_:).md)
- [sec_identity_copy_ref(_:)](security/sec_identity_copy_ref(_:).md)
- [sec_identity_access_certificates(_:_:)](security/sec_identity_access_certificates(_:_:).md)
- [sec_identity_copy_certificates_ref(_:)](security/sec_identity_copy_certificates_ref(_:).md)

### Handling Trust

- [sec_trust_t](security/sec_trust_t.md)
- [OS_sec_trust](security/os_sec_trust.md)
- [sec_trust_create(_:)](security/sec_trust_create(_:).md)
- [sec_trust_copy_ref(_:)](security/sec_trust_copy_ref(_:).md)

### Managing Security Objects

- [sec_release(_:)](security/sec_release(_:).md)
- [sec_retain(_:)](security/sec_retain(_:).md)
- [sec_object_t](security/sec_object_t.md)
- [OS_sec_object](security/os_sec_object.md)

## See Also

### Network Security and Privacy

- [Privacy Management](network/privacy-management.md)
- [Creating an Identity for Local Network TLS](network/creating-an-identity-for-local-network-tls.md)