Remove the tls1.0 and 1.1 related options from the openssl(1) toolkit

ok tb@
author: beck <> 2023-07-03 06:22:07 +0000
committer: beck <> 2023-07-03 06:22:07 +0000
commit: 659aa2178d089822ccf693dbe92409198a5e6eba (patch)
tree: 44924c51d45a2c3360c6c969a1a8a3605db5bb42 /src/usr.bin/openssl/s_client.c
parent: a85cbed79eb84739306350203cd9a95f63a6baa0 (diff)
download: openbsd-659aa2178d089822ccf693dbe92409198a5e6eba.tar.gz
openbsd-659aa2178d089822ccf693dbe92409198a5e6eba.tar.bz2
openbsd-659aa2178d089822ccf693dbe92409198a5e6eba.zip
1 files changed, 4 insertions, 66 deletions
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 82a8128243..21bb632810 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.60 2023/03/06 14:32:06 tb Exp $ */
+/* $OpenBSD: s_client.c,v 1.61 2023/07/03 06:22:07 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -296,18 +296,6 @@ s_client_opt_protocol_version_dtls(void)
 }
 #endif
-#ifndef OPENSSL_NO_DTLS1
-static int
-s_client_opt_protocol_version_dtls1(void)
-{
-        cfg.meth = DTLS_client_method();
-        cfg.min_version = DTLS1_VERSION;
-        cfg.max_version = DTLS1_VERSION;
-        cfg.socket_type = SOCK_DGRAM;
-        return (0);
-}
-#endif
 #ifndef OPENSSL_NO_DTLS1_2
 static int
 s_client_opt_protocol_version_dtls1_2(void)
@@ -321,22 +309,6 @@ s_client_opt_protocol_version_dtls1_2(void)
 #endif
 static int
-s_client_opt_protocol_version_tls1(void)
-{
-        cfg.min_version = TLS1_VERSION;
-        cfg.max_version = TLS1_VERSION;
-        return (0);
-}
-static int
-s_client_opt_protocol_version_tls1_1(void)
-{
-        cfg.min_version = TLS1_1_VERSION;
-        cfg.max_version = TLS1_1_VERSION;
-        return (0);
-}
-static int
 s_client_opt_protocol_version_tls1_2(void)
 {
        cfg.min_version = TLS1_2_VERSION;
@@ -505,14 +477,6 @@ static const struct option s_client_options[] = {
                .opt.func = s_client_opt_protocol_version_dtls,
        },
 #endif
-#ifndef OPENSSL_NO_DTLS1
-        {
-                .name = "dtls1",
-                .desc = "Just use DTLSv1",
-                .type = OPTION_FUNC,
-                .opt.func = s_client_opt_protocol_version_dtls1,
-        },
-#endif
 #ifndef OPENSSL_NO_DTLS1_2
        {
                .name = "dtls1_2",
@@ -660,20 +624,6 @@ static const struct option s_client_options[] = {
                .value = SSL_OP_NO_TICKET,
        },
        {
-                .name = "no_tls1",
-                .desc = "Disable the use of TLSv1",
-                .type = OPTION_VALUE_OR,
-                .opt.value = &cfg.off,
-                .value = SSL_OP_NO_TLSv1,
-        },
-        {
-                .name = "no_tls1_1",
-                .desc = "Disable the use of TLSv1.1",
-                .type = OPTION_VALUE_OR,
-                .opt.value = &cfg.off,
-                .value = SSL_OP_NO_TLSv1_1,
-        },
-        {
                .name = "no_tls1_2",
                .desc = "Disable the use of TLSv1.2",
                .type = OPTION_VALUE_OR,
@@ -806,18 +756,6 @@ static const struct option s_client_options[] = {
        },
 #endif
        {
-                .name = "tls1",
-                .desc = "Just use TLSv1",
-                .type = OPTION_FUNC,
-                .opt.func = s_client_opt_protocol_version_tls1,
-        },
-        {
-                .name = "tls1_1",
-                .desc = "Just use TLSv1.1",
-                .type = OPTION_FUNC,
-                .opt.func = s_client_opt_protocol_version_tls1_1,
-        },
-        {
                .name = "tls1_2",
                .desc = "Just use TLSv1.2",
                .type = OPTION_FUNC,
@@ -880,17 +818,17 @@ sc_usage(void)
            "[-4 | -6] [-alpn protocols] [-bugs] [-CAfile file]\n"
            "    [-CApath directory] [-cert file] [-certform der | pem] [-check_ss_sig]\n"
            "    [-cipher cipherlist] [-connect host[:port]] [-crl_check]\n"
-            "    [-crl_check_all] [-crlf] [-debug] [-dtls] [-dtls1] [-dtls1_2] [-extended_crl]\n"
+            "    [-crl_check_all] [-crlf] [-debug] [-dtls] [-dtls1_2] [-extended_crl]\n"
            "    [-groups list] [-host host] [-ign_eof] [-ignore_critical]\n"
            "    [-issuer_checks] [-key keyfile] [-keyform der | pem]\n"
            "    [-keymatexport label] [-keymatexportlen len] [-legacy_server_connect]\n"
            "    [-msg] [-mtu mtu] [-nbio] [-nbio_test] [-no_comp] [-no_ign_eof]\n"
-            "    [-no_legacy_server_connect] [-no_ticket] [-no_tls1] [-no_tls1_1]\n"
+            "    [-no_legacy_server_connect] [-no_ticket] \n"
            "    [-no_tls1_2] [-no_tls1_3] [-pass arg] [-pause] [-policy_check]\n"
            "    [-port port] [-prexit] [-proxy host:port] [-quiet] [-reconnect]\n"
            "    [-servername name] [-serverpref] [-sess_in file] [-sess_out file]\n"
            "    [-showcerts] [-starttls protocol] [-state] [-status] [-timeout]\n"
-            "    [-tls1] [-tls1_1] [-tls1_2] [-tls1_3] [-tlsextdebug]\n"
+            "    [-tls1_2] [-tls1_3] [-tlsextdebug]\n"
            "    [-use_srtp profiles] [-verify depth] [-verify_return_error]\n"
            "    [-x509_strict] [-xmpphost host]\n");
        fprintf(stderr, "\n");
author	beck <>	2023-07-03 06:22:07 +0000
committer	beck <>	2023-07-03 06:22:07 +0000
commit	659aa2178d089822ccf693dbe92409198a5e6eba (patch)
tree	44924c51d45a2c3360c6c969a1a8a3605db5bb42 /src/usr.bin/openssl/s_client.c
parent	a85cbed79eb84739306350203cd9a95f63a6baa0 (diff)
download	openbsd-659aa2178d089822ccf693dbe92409198a5e6eba.tar.gz openbsd-659aa2178d089822ccf693dbe92409198a5e6eba.tar.bz2 openbsd-659aa2178d089822ccf693dbe92409198a5e6eba.zip

diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c index 82a8128243..21bb632810 100644 --- a/src/usr.bin/openssl/s_client.c +++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s_client.c,v 1.60 2023/03/06 14:32:06 tb Exp $ */	1	/* $OpenBSD: s_client.c,v 1.61 2023/07/03 06:22:07 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -296,18 +296,6 @@ s_client_opt_protocol_version_dtls(void)
296	}	296	}
297	#endif	297	#endif
298		298
299	#ifndef OPENSSL_NO_DTLS1
300	static int
301	s_client_opt_protocol_version_dtls1(void)
302	{
303	cfg.meth = DTLS_client_method();
304	cfg.min_version = DTLS1_VERSION;
305	cfg.max_version = DTLS1_VERSION;
306	cfg.socket_type = SOCK_DGRAM;
307	return (0);
308	}
309	#endif
310
311	#ifndef OPENSSL_NO_DTLS1_2	299	#ifndef OPENSSL_NO_DTLS1_2
312	static int	300	static int
313	s_client_opt_protocol_version_dtls1_2(void)	301	s_client_opt_protocol_version_dtls1_2(void)
@@ -321,22 +309,6 @@ s_client_opt_protocol_version_dtls1_2(void)
321	#endif	309	#endif
322		310
323	static int	311	static int
324	s_client_opt_protocol_version_tls1(void)
325	{
326	cfg.min_version = TLS1_VERSION;
327	cfg.max_version = TLS1_VERSION;
328	return (0);
329	}
330
331	static int
332	s_client_opt_protocol_version_tls1_1(void)
333	{
334	cfg.min_version = TLS1_1_VERSION;
335	cfg.max_version = TLS1_1_VERSION;
336	return (0);
337	}
338
339	static int
340	s_client_opt_protocol_version_tls1_2(void)	312	s_client_opt_protocol_version_tls1_2(void)
341	{	313	{
342	cfg.min_version = TLS1_2_VERSION;	314	cfg.min_version = TLS1_2_VERSION;
@@ -505,14 +477,6 @@ static const struct option s_client_options[] = {
505	.opt.func = s_client_opt_protocol_version_dtls,	477	.opt.func = s_client_opt_protocol_version_dtls,
506	},	478	},
507	#endif	479	#endif
508	#ifndef OPENSSL_NO_DTLS1
509	{
510	.name = "dtls1",
511	.desc = "Just use DTLSv1",
512	.type = OPTION_FUNC,
513	.opt.func = s_client_opt_protocol_version_dtls1,
514	},
515	#endif
516	#ifndef OPENSSL_NO_DTLS1_2	480	#ifndef OPENSSL_NO_DTLS1_2
517	{	481	{
518	.name = "dtls1_2",	482	.name = "dtls1_2",
@@ -660,20 +624,6 @@ static const struct option s_client_options[] = {
660	.value = SSL_OP_NO_TICKET,	624	.value = SSL_OP_NO_TICKET,
661	},	625	},
662	{	626	{
663	.name = "no_tls1",
664	.desc = "Disable the use of TLSv1",
665	.type = OPTION_VALUE_OR,
666	.opt.value = &cfg.off,
667	.value = SSL_OP_NO_TLSv1,
668	},
669	{
670	.name = "no_tls1_1",
671	.desc = "Disable the use of TLSv1.1",
672	.type = OPTION_VALUE_OR,
673	.opt.value = &cfg.off,
674	.value = SSL_OP_NO_TLSv1_1,
675	},
676	{
677	.name = "no_tls1_2",	627	.name = "no_tls1_2",
678	.desc = "Disable the use of TLSv1.2",	628	.desc = "Disable the use of TLSv1.2",
679	.type = OPTION_VALUE_OR,	629	.type = OPTION_VALUE_OR,
@@ -806,18 +756,6 @@ static const struct option s_client_options[] = {
806	},	756	},
807	#endif	757	#endif
808	{	758	{
809	.name = "tls1",
810	.desc = "Just use TLSv1",
811	.type = OPTION_FUNC,
812	.opt.func = s_client_opt_protocol_version_tls1,
813	},
814	{
815	.name = "tls1_1",
816	.desc = "Just use TLSv1.1",
817	.type = OPTION_FUNC,
818	.opt.func = s_client_opt_protocol_version_tls1_1,
819	},
820	{
821	.name = "tls1_2",	759	.name = "tls1_2",
822	.desc = "Just use TLSv1.2",	760	.desc = "Just use TLSv1.2",
823	.type = OPTION_FUNC,	761	.type = OPTION_FUNC,
@@ -880,17 +818,17 @@ sc_usage(void)
880	"[-4 \| -6] [-alpn protocols] [-bugs] [-CAfile file]\n"	818	"[-4 \| -6] [-alpn protocols] [-bugs] [-CAfile file]\n"
881	" [-CApath directory] [-cert file] [-certform der \| pem] [-check_ss_sig]\n"	819	" [-CApath directory] [-cert file] [-certform der \| pem] [-check_ss_sig]\n"
882	" [-cipher cipherlist] [-connect host[:port]] [-crl_check]\n"	820	" [-cipher cipherlist] [-connect host[:port]] [-crl_check]\n"
883	" [-crl_check_all] [-crlf] [-debug] [-dtls] [-dtls1] [-dtls1_2] [-extended_crl]\n"	821	" [-crl_check_all] [-crlf] [-debug] [-dtls] [-dtls1_2] [-extended_crl]\n"
884	" [-groups list] [-host host] [-ign_eof] [-ignore_critical]\n"	822	" [-groups list] [-host host] [-ign_eof] [-ignore_critical]\n"
885	" [-issuer_checks] [-key keyfile] [-keyform der \| pem]\n"	823	" [-issuer_checks] [-key keyfile] [-keyform der \| pem]\n"
886	" [-keymatexport label] [-keymatexportlen len] [-legacy_server_connect]\n"	824	" [-keymatexport label] [-keymatexportlen len] [-legacy_server_connect]\n"
887	" [-msg] [-mtu mtu] [-nbio] [-nbio_test] [-no_comp] [-no_ign_eof]\n"	825	" [-msg] [-mtu mtu] [-nbio] [-nbio_test] [-no_comp] [-no_ign_eof]\n"
888	" [-no_legacy_server_connect] [-no_ticket] [-no_tls1] [-no_tls1_1]\n"	826	" [-no_legacy_server_connect] [-no_ticket] \n"
889	" [-no_tls1_2] [-no_tls1_3] [-pass arg] [-pause] [-policy_check]\n"	827	" [-no_tls1_2] [-no_tls1_3] [-pass arg] [-pause] [-policy_check]\n"
890	" [-port port] [-prexit] [-proxy host:port] [-quiet] [-reconnect]\n"	828	" [-port port] [-prexit] [-proxy host:port] [-quiet] [-reconnect]\n"
891	" [-servername name] [-serverpref] [-sess_in file] [-sess_out file]\n"	829	" [-servername name] [-serverpref] [-sess_in file] [-sess_out file]\n"
892	" [-showcerts] [-starttls protocol] [-state] [-status] [-timeout]\n"	830	" [-showcerts] [-starttls protocol] [-state] [-status] [-timeout]\n"
893	" [-tls1] [-tls1_1] [-tls1_2] [-tls1_3] [-tlsextdebug]\n"	831	" [-tls1_2] [-tls1_3] [-tlsextdebug]\n"
894	" [-use_srtp profiles] [-verify depth] [-verify_return_error]\n"	832	" [-use_srtp profiles] [-verify depth] [-verify_return_error]\n"
895	" [-x509_strict] [-xmpphost host]\n");	833	" [-x509_strict] [-xmpphost host]\n");
896	fprintf(stderr, "\n");	834	fprintf(stderr, "\n");