Disable TLS 1.0 and TLS 1.1 in libssl

Their time has long since past, and they should not be used. This change restricts ssl to versions 1.2 and 1.3, and changes the regression tests to understand we no longer speak the legacy protocols. For the moment the magical "golden" byte for byte comparison tests of raw handshake values are disabled util jsing fixes them. ok jsing@ tb@
author: beck <> 2023-07-02 17:21:33 +0000
committer: beck <> 2023-07-02 17:21:33 +0000
commit: ddcb4efd6551a982bf29b2e8e83c9c808a1670dc (patch)
tree: 33bb9f6c1c9fd44a8c7064445713f67f9fe0b371 /src/lib/libssl/s3_lib.c
parent: 025f3b8ef1e0ff3017dd0079925fbf85f15a6d22 (diff)
download: openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.tar.gz
openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.tar.bz2
openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 37ca7bd113..7561060120 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.244 2023/05/26 13:44:05 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.245 2023/07/02 17:21:32 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1672,7 +1672,7 @@ ssl3_clear(SSL *s)
        s->s3->in_read_app_data = 0;
        s->packet_length = 0;
-        s->version = TLS1_VERSION;
+        s->version = TLS1_2_VERSION;
        s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
 }
author	beck <>	2023-07-02 17:21:33 +0000
committer	beck <>	2023-07-02 17:21:33 +0000
commit	ddcb4efd6551a982bf29b2e8e83c9c808a1670dc (patch)
tree	33bb9f6c1c9fd44a8c7064445713f67f9fe0b371 /src/lib/libssl/s3_lib.c
parent	025f3b8ef1e0ff3017dd0079925fbf85f15a6d22 (diff)
download	openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.tar.gz openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.tar.bz2 openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 37ca7bd113..7561060120 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.244 2023/05/26 13:44:05 tb Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.245 2023/07/02 17:21:32 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1672,7 +1672,7 @@ ssl3_clear(SSL *s)
1672	s->s3->in_read_app_data = 0;	1672	s->s3->in_read_app_data = 0;
1673		1673
1674	s->packet_length = 0;	1674	s->packet_length = 0;
1675	s->version = TLS1_VERSION;	1675	s->version = TLS1_2_VERSION;
1676		1676
1677	s->s3->hs.state = SSL_ST_BEFORE\|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);	1677	s->s3->hs.state = SSL_ST_BEFORE\|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
1678	}	1678	}