Remove the ability to do tls 1.0 and 1.1 from libtls.

With this change any requests from configurations to request versions of tls before tls 1.2 will use tls 1.2. This prepares us to deprecate tls 1.0 and tls 1.1 support from libssl. ok tb@
author: beck <> 2023-07-02 06:37:27 +0000
committer: beck <> 2023-07-02 06:37:27 +0000
commit: 5fa4afa0f3caaa43f2ba9d4ee6db352737839f89 (patch)
tree: 4bacb3a3d0ace64e696059ed29bf6c2df878b8b4 /src/lib/libtls/tls_config.c
parent: 0ded9dcf305231c596837cf0e9a372d5fc79b18b (diff)
download: openbsd-5fa4afa0f3caaa43f2ba9d4ee6db352737839f89.tar.gz
openbsd-5fa4afa0f3caaa43f2ba9d4ee6db352737839f89.tar.bz2
openbsd-5fa4afa0f3caaa43f2ba9d4ee6db352737839f89.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 3efd0ddd57..5eb5b69ac6 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.66 2023/05/14 07:26:25 op Exp $ */
+/* $OpenBSD: tls_config.c,v 1.67 2023/07/02 06:37:27 beck Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -251,9 +251,9 @@ tls_config_parse_protocols(uint32_t *protocols, const char *protostr)
                if (strcasecmp(p, "tlsv1") == 0)
                        proto = TLS_PROTOCOL_TLSv1;
                else if (strcasecmp(p, "tlsv1.0") == 0)
-                        proto = TLS_PROTOCOL_TLSv1_0;
+                        proto = TLS_PROTOCOL_TLSv1_2;
                else if (strcasecmp(p, "tlsv1.1") == 0)
-                        proto = TLS_PROTOCOL_TLSv1_1;
+                        proto = TLS_PROTOCOL_TLSv1_2;
                else if (strcasecmp(p, "tlsv1.2") == 0)
                        proto = TLS_PROTOCOL_TLSv1_2;
                else if (strcasecmp(p, "tlsv1.3") == 0)
author	beck <>	2023-07-02 06:37:27 +0000
committer	beck <>	2023-07-02 06:37:27 +0000
commit	5fa4afa0f3caaa43f2ba9d4ee6db352737839f89 (patch)
tree	4bacb3a3d0ace64e696059ed29bf6c2df878b8b4 /src/lib/libtls/tls_config.c
parent	0ded9dcf305231c596837cf0e9a372d5fc79b18b (diff)
download	openbsd-5fa4afa0f3caaa43f2ba9d4ee6db352737839f89.tar.gz openbsd-5fa4afa0f3caaa43f2ba9d4ee6db352737839f89.tar.bz2 openbsd-5fa4afa0f3caaa43f2ba9d4ee6db352737839f89.zip

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index 3efd0ddd57..5eb5b69ac6 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_config.c,v 1.66 2023/05/14 07:26:25 op Exp $ */	1	/* $OpenBSD: tls_config.c,v 1.67 2023/07/02 06:37:27 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -251,9 +251,9 @@ tls_config_parse_protocols(uint32_t protocols, const char protostr)
251	if (strcasecmp(p, "tlsv1") == 0)	251	if (strcasecmp(p, "tlsv1") == 0)
252	proto = TLS_PROTOCOL_TLSv1;	252	proto = TLS_PROTOCOL_TLSv1;
253	else if (strcasecmp(p, "tlsv1.0") == 0)	253	else if (strcasecmp(p, "tlsv1.0") == 0)
254	proto = TLS_PROTOCOL_TLSv1_0;	254	proto = TLS_PROTOCOL_TLSv1_2;
255	else if (strcasecmp(p, "tlsv1.1") == 0)	255	else if (strcasecmp(p, "tlsv1.1") == 0)
256	proto = TLS_PROTOCOL_TLSv1_1;	256	proto = TLS_PROTOCOL_TLSv1_2;
257	else if (strcasecmp(p, "tlsv1.2") == 0)	257	else if (strcasecmp(p, "tlsv1.2") == 0)
258	proto = TLS_PROTOCOL_TLSv1_2;	258	proto = TLS_PROTOCOL_TLSv1_2;
259	else if (strcasecmp(p, "tlsv1.3") == 0)	259	else if (strcasecmp(p, "tlsv1.3") == 0)