Bring back no_tls1 and no_tls1_1 as undocumented silently discarded opitons

While I'm here, change the no_ssl2 and no_ssl3 options to use
OPTION_DISCARD as well instead of continuing to set a no-op
option flag.

ok jsing@ tb@

1 files changed, 11 insertions, 7 deletions

diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index 12eb90699e..95fe633ef1 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.57 2023/07/03 06:22:07 beck Exp $ */
+/* $OpenBSD: s_server.c,v 1.58 2023/07/03 08:03:56 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -770,15 +770,19 @@ static const struct option s_server_options[] = {
         },
         {
                 .name = "no_ssl2",
-                .type = OPTION_VALUE_OR,
-                .opt.value = &cfg.off,
-                .value = SSL_OP_NO_SSLv2,
+                .type = OPTION_DISCARD,
         },
         {
                 .name = "no_ssl3",
-                .type = OPTION_VALUE_OR,
-                .opt.value = &cfg.off,
-                .value = SSL_OP_NO_SSLv3,
+                .type = OPTION_DISCARD,
+        },
+        {
+                .name = "no_tls1",
+                .type = OPTION_DISCARD,
+        },
+        {
+                .name = "no_tls1_1",
+                .type = OPTION_DISCARD,
         },
         {
                 .name = "no_tls1_2",