Remove the ability to do tls 1.0 and 1.1 from libtls.

With this change any requests from configurations to request
versions of tls before tls 1.2 will use tls 1.2. This prepares
us to deprecate tls 1.0 and tls 1.1 support from libssl.

ok tb@

1 files changed, 9 insertions, 5 deletions

diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index b94a6fa6d0..34183745e5 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.62 2022/03/24 15:56:34 tb Exp $ */
+/* $OpenBSD: tls.h,v 1.63 2023/07/02 06:37:27 beck Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -29,14 +29,18 @@ extern "C" {
 
 #define TLS_API 20200120
 
-#define TLS_PROTOCOL_TLSv1_0    (1 << 1)
-#define TLS_PROTOCOL_TLSv1_1    (1 << 2)
+/*
+ * Deprecated versions of TLS. Using these effectively selects
+ * the minimum supported version.
+ */
+#define TLS_PROTOCOL_TLSv1_0    (1 << 3)
+#define TLS_PROTOCOL_TLSv1_1    (1 << 3)
+/* Supported versions of TLS */
 #define TLS_PROTOCOL_TLSv1_2    (1 << 3)
 #define TLS_PROTOCOL_TLSv1_3    (1 << 4)
 
 #define TLS_PROTOCOL_TLSv1 \
-        (TLS_PROTOCOL_TLSv1_0|TLS_PROTOCOL_TLSv1_1|\
-         TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)
+        (TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)
 
 #define TLS_PROTOCOLS_ALL TLS_PROTOCOL_TLSv1
 #define TLS_PROTOCOLS_DEFAULT (TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)