Remove the ability to do tls 1.0 and 1.1 from libtls.

With this change any requests from configurations to request versions of tls before tls 1.2 will use tls 1.2. This prepares us to deprecate tls 1.0 and tls 1.1 support from libssl. ok tb@
author: beck <> 2023-07-02 06:37:27 +0000
committer: beck <> 2023-07-02 06:37:27 +0000
commit: 908a2337ae4c28163a92b9fda969dbdd36bc634b (patch)
tree: 4bacb3a3d0ace64e696059ed29bf6c2df878b8b4 /src/regress/lib
parent: b19abb3cde834d2cceba4bba1da858c2c4897b5e (diff)
download: openbsd-908a2337ae4c28163a92b9fda969dbdd36bc634b.tar.gz
openbsd-908a2337ae4c28163a92b9fda969dbdd36bc634b.tar.bz2
openbsd-908a2337ae4c28163a92b9fda969dbdd36bc634b.zip
3 files changed, 13 insertions, 20 deletions
diff --git a/src/regress/lib/libtls/config/configtest.c b/src/regress/lib/libtls/config/configtest.c
index 47aa03e826..5af5b56ffd 100644
--- a/src/regress/lib/libtls/config/configtest.c
+++ b/src/regress/lib/libtls/config/configtest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: configtest.c,v 1.2 2020/01/20 08:40:16 jsing Exp $ */
+/* $OpenBSD: configtest.c,v 1.3 2023/07/02 06:37:27 beck Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -71,30 +71,27 @@ struct parse_protocols_test parse_protocols_tests[] = {
        {
                .protostr = "tlsv1.0:tlsv1.1:tlsv1.2:tlsv1.3",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+                .want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
-                    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+                .want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
-                    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "tlsv1.1,tlsv1.2,tlsv1.0",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+                .want_protocols = TLS_PROTOCOL_TLSv1_2,
-                    TLS_PROTOCOL_TLSv1_2,
        },
        {
                .protostr = "tlsv1.1,tlsv1.2,tlsv1.1",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2,
+                .want_protocols = TLS_PROTOCOL_TLSv1_2,
        },
        {
                .protostr = "tlsv1.1,tlsv1.2,!tlsv1.1",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_2,
+                .want_protocols = 0,
        },
        {
                .protostr = "unknown",
@@ -114,19 +111,17 @@ struct parse_protocols_test parse_protocols_tests[] = {
        {
                .protostr = "all,!tlsv1.0",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
+                .want_protocols = TLS_PROTOCOL_TLSv1_3,
-                        TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "!tlsv1.0",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
+                .want_protocols = TLS_PROTOCOL_TLSv1_3,
-                        TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "!tlsv1.0,!tlsv1.1,!tlsv1.3",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_2,
+                .want_protocols = 0,
        },
        {
                .protostr = "!tlsv1.0,!tlsv1.1,tlsv1.2,!tlsv1.3",
diff --git a/src/regress/lib/libtls/gotls/tls.go b/src/regress/lib/libtls/gotls/tls.go
index cf3e84c030..3029d58c35 100644
--- a/src/regress/lib/libtls/gotls/tls.go
+++ b/src/regress/lib/libtls/gotls/tls.go
@@ -45,8 +45,6 @@ const (
 )
 var protocolNames = map[ProtocolVersion]string{
-        ProtocolTLSv10: "TLSv1",
-        ProtocolTLSv11: "TLSv1.1",
        ProtocolTLSv12: "TLSv1.2",
        ProtocolTLSv13: "TLSv1.3",
        ProtocolsAll:   "all",
diff --git a/src/regress/lib/libtls/gotls/tls_test.go b/src/regress/lib/libtls/gotls/tls_test.go
index f6c6cfcdd5..2b7ce2c19e 100644
--- a/src/regress/lib/libtls/gotls/tls_test.go
+++ b/src/regress/lib/libtls/gotls/tls_test.go
@@ -251,11 +251,11 @@ func TestTLSVersions(t *testing.T) {
                {tls.VersionSSL30, tls.VersionTLS12, ProtocolTLSv12, false},
                {tls.VersionTLS10, tls.VersionTLS12, ProtocolTLSv12, false},
                {tls.VersionTLS11, tls.VersionTLS12, ProtocolTLSv12, false},
-                {tls.VersionSSL30, tls.VersionTLS11, ProtocolTLSv11, false},
+                {tls.VersionSSL30, tls.VersionTLS11, ProtocolTLSv11, true},
-                {tls.VersionSSL30, tls.VersionTLS10, ProtocolTLSv10, false},
+                {tls.VersionSSL30, tls.VersionTLS10, ProtocolTLSv10, true},
                {tls.VersionSSL30, tls.VersionSSL30, 0, true},
-                {tls.VersionTLS10, tls.VersionTLS10, ProtocolTLSv10, false},
+                {tls.VersionTLS10, tls.VersionTLS10, ProtocolTLSv10, true},
-                {tls.VersionTLS11, tls.VersionTLS11, ProtocolTLSv11, false},
+                {tls.VersionTLS11, tls.VersionTLS11, ProtocolTLSv11, true},
                {tls.VersionTLS12, tls.VersionTLS12, ProtocolTLSv12, false},
        }
        for i, test := range tests {
author	beck <>	2023-07-02 06:37:27 +0000
committer	beck <>	2023-07-02 06:37:27 +0000
commit	908a2337ae4c28163a92b9fda969dbdd36bc634b (patch)
tree	4bacb3a3d0ace64e696059ed29bf6c2df878b8b4 /src/regress/lib
parent	b19abb3cde834d2cceba4bba1da858c2c4897b5e (diff)
download	openbsd-908a2337ae4c28163a92b9fda969dbdd36bc634b.tar.gz openbsd-908a2337ae4c28163a92b9fda969dbdd36bc634b.tar.bz2 openbsd-908a2337ae4c28163a92b9fda969dbdd36bc634b.zip