Disable TLS 1.0 and TLS 1.1 in libssl

Their time has long since past, and they should not be used. This change restricts ssl to versions 1.2 and 1.3, and changes the regression tests to understand we no longer speak the legacy protocols. For the moment the magical "golden" byte for byte comparison tests of raw handshake values are disabled util jsing fixes them. ok jsing@ tb@
author: beck <> 2023-07-02 17:21:33 +0000
committer: beck <> 2023-07-02 17:21:33 +0000
commit: ddcb4efd6551a982bf29b2e8e83c9c808a1670dc (patch)
tree: 33bb9f6c1c9fd44a8c7064445713f67f9fe0b371 /src/regress/lib/libssl/interop
parent: 025f3b8ef1e0ff3017dd0079925fbf85f15a6d22 (diff)
download: openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.tar.gz
openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.tar.bz2
openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
index 9d0ae418ba..c4f7705d63 100644
--- a/src/regress/lib/libssl/interop/version/Makefile
+++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.6 2023/04/19 15:34:23 tb Exp $
+# $OpenBSD: Makefile,v 1.7 2023/07/02 17:21:32 beck Exp $
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or openssl 3.0.  Pin client or server to a fixed TLS
@@ -14,7 +14,7 @@ LIBRARIES +=		openssl11
 LIBRARIES +=            openssl30
 .endif
-VERSIONS =      any TLS1 TLS1_1 TLS1_2 TLS1_3
+VERSIONS =      any TLS1_2 TLS1_3
 .for cver in ${VERSIONS}
 .for sver in ${VERSIONS}
author	beck <>	2023-07-02 17:21:33 +0000
committer	beck <>	2023-07-02 17:21:33 +0000
commit	ddcb4efd6551a982bf29b2e8e83c9c808a1670dc (patch)
tree	33bb9f6c1c9fd44a8c7064445713f67f9fe0b371 /src/regress/lib/libssl/interop
parent	025f3b8ef1e0ff3017dd0079925fbf85f15a6d22 (diff)
download	openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.tar.gz openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.tar.bz2 openbsd-ddcb4efd6551a982bf29b2e8e83c9c808a1670dc.zip

diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile index 9d0ae418ba..c4f7705d63 100644 --- a/src/regress/lib/libssl/interop/version/Makefile +++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.6 2023/04/19 15:34:23 tb Exp $	1	# $OpenBSD: Makefile,v 1.7 2023/07/02 17:21:32 beck Exp $
2		2
3	# Connect a client to a server. Both can be current libressl, or	3	# Connect a client to a server. Both can be current libressl, or
4	# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS	4	# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
@@ -14,7 +14,7 @@ LIBRARIES += openssl11
14	LIBRARIES += openssl30	14	LIBRARIES += openssl30
15	.endif	15	.endif
16		16
17	VERSIONS = any TLS1 TLS1_1 TLS1_2 TLS1_3	17	VERSIONS = any TLS1_2 TLS1_3
18		18
19	.for cver in ${VERSIONS}	19	.for cver in ${VERSIONS}
20	.for sver in ${VERSIONS}	20	.for sver in ${VERSIONS}