Remove SSLv3 support from LibreSSL regression tests.

3 files changed, 5 insertions, 56 deletions

diff --git a/src/regress/lib/libssl/ciphers/cipherstest.c b/src/regress/lib/libssl/ciphers/cipherstest.c
index b20ec8bd52..d76fbfc8c0 100644
--- a/src/regress/lib/libssl/ciphers/cipherstest.c
+++ b/src/regress/lib/libssl/ciphers/cipherstest.c
@@ -87,10 +87,6 @@ cipher_get_put_tests(void)
         failed |= get_put_test("SSLv23_client", SSLv23_client_method());
         failed |= get_put_test("SSLv23_server", SSLv23_server_method());
 
-        failed |= get_put_test("SSLv3", SSLv3_method());
-        failed |= get_put_test("SSLv3_client", SSLv3_client_method());
-        failed |= get_put_test("SSLv3_server", SSLv3_server_method());
-
         failed |= get_put_test("TLSv1", TLSv1_method());
         failed |= get_put_test("TLSv1_client", TLSv1_client_method());
         failed |= get_put_test("TLSv1_server", TLSv1_server_method());
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c
index 5b03e0e0b8..712e2ca184 100644
--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -431,7 +431,6 @@ sv_usage(void)
         fprintf(stderr, " -no_dhe       - disable DHE\n");
         fprintf(stderr, " -no_ecdhe     - disable ECDHE\n");
         fprintf(stderr, " -dtls1        - use DTLSv1\n");
-        fprintf(stderr, " -ssl3         - use SSLv3\n");
         fprintf(stderr, " -tls1         - use TLSv1\n");
         fprintf(stderr, " -CApath arg   - PEM format directory of CA's\n");
         fprintf(stderr, " -CAfile arg   - PEM format file of CA's\n");
@@ -550,7 +549,7 @@ main(int argc, char *argv[])
         int badop = 0;
         int bio_pair = 0;
         int force = 0;
-        int tls1 = 0, ssl3 = 0, dtls1 = 0, ret = 1;
+        int tls1 = 0, dtls1 = 0, ret = 1;
         int client_auth = 0;
         int server_auth = 0, i;
         struct app_verify_arg app_verify_arg =
@@ -618,8 +617,6 @@ main(int argc, char *argv[])
                         no_ecdhe = 1;
                 else if (strcmp(*argv, "-dtls1") == 0)
                         dtls1 = 1;
-                else if (strcmp(*argv, "-ssl3") == 0)
-                        ssl3 = 1;
                 else if (strcmp(*argv, "-tls1") == 0)
                         tls1 = 1;
                 else if (strncmp(*argv, "-num", 4) == 0) {
@@ -733,12 +730,12 @@ bad:
                 goto end;
         }
 
-        if (!dtls1 && !ssl3 && !tls1 &&
+        if (!dtls1 && !tls1 &&
             number > 1 && !reuse && !force) {
                 fprintf(stderr,
                     "This case cannot work.  Use -f to perform "
                     "the test anyway (and\n-d to see what happens), "
-                    "or add one of -dtls1, -ssl3, -tls1, -reuse\n"
+                    "or add one of -dtls1, -tls1, -reuse\n"
                     "to avoid protocol mismatch.\n");
                 exit(1);
         }
@@ -761,8 +758,6 @@ bad:
                 meth = DTLSv1_method();
         else if (tls1)
                 meth = TLSv1_method();
-        else if (ssl3)
-                meth = SSLv3_method();
         else
                 meth = SSLv23_method();
 
@@ -2169,20 +2164,6 @@ do_test_cipherlist(void)
         const SSL_METHOD *meth;
         const SSL_CIPHER *ci, *tci = NULL;
 
-        fprintf(stderr, "testing SSLv3 cipher list order: ");
-        meth = SSLv3_method();
-        tci = NULL;
-        while ((ci = meth->get_cipher(i++)) != NULL) {
-                if (tci != NULL) {
-                        if (ci->id >= tci->id) {
-                                fprintf(stderr,
-                                    "failed %lx vs. %lx\n", ci->id, tci->id);
-                                return 0;
-                        }
-                }
-                tci = ci;
-        }
-        fprintf(stderr, "ok\n");
         fprintf(stderr, "testing TLSv1 cipher list order: ");
         meth = TLSv1_method();
         tci = NULL;
diff --git a/src/regress/lib/libssl/ssl/testssl b/src/regress/lib/libssl/ssl/testssl
index 04f82a9da1..756f8e73fa 100644
--- a/src/regress/lib/libssl/ssl/testssl
+++ b/src/regress/lib/libssl/ssl/testssl
@@ -15,18 +15,6 @@ fi
 
 #############################################################################
 
-echo test sslv3
-$ssltest -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication
-$ssltest -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication
-$ssltest -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication
-$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
 echo test sslv2/sslv3
 $ssltest $extra || exit 1
 
@@ -39,18 +27,6 @@ $ssltest -client_auth $CA $extra || exit 1
 echo test sslv2/sslv3 with both client and server authentication
 $ssltest -server_auth -client_auth $CA $extra || exit 1
 
-echo test sslv3 via BIO pair
-$ssltest -bio_pair -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
 echo test sslv2/sslv3 via BIO pair
 $ssltest $extra || exit 1
 
@@ -75,15 +51,11 @@ echo test sslv2/sslv3 with both client and server authentication via BIO pair an
 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
 
 echo "Testing ciphersuites"
-for protocol in SSLv3 TLSv1.2; do
+for protocol in TLSv1.2; do
   echo "Testing ciphersuites for $protocol"
   for cipher in `$openssl ciphers "$protocol+aRSA" | tr ':' ' '`; do
     echo "Testing $cipher"
-    prot=""
-    if [ $protocol = "SSLv3" ] ; then
-      prot="-ssl3"
-    fi
-    $ssltest -cipher $cipher $prot
+    $ssltest -cipher $cipher
     if [ $? -ne 0 ] ; then
       echo "Failed $cipher"
       exit 1