diff options
| author | beck <> | 2023-07-03 06:22:07 +0000 |
|---|---|---|
| committer | beck <> | 2023-07-03 06:22:07 +0000 |
| commit | 659aa2178d089822ccf693dbe92409198a5e6eba (patch) | |
| tree | 44924c51d45a2c3360c6c969a1a8a3605db5bb42 /src/usr.bin/openssl/s_server.c | |
| parent | a85cbed79eb84739306350203cd9a95f63a6baa0 (diff) | |
| download | openbsd-659aa2178d089822ccf693dbe92409198a5e6eba.tar.gz openbsd-659aa2178d089822ccf693dbe92409198a5e6eba.tar.bz2 openbsd-659aa2178d089822ccf693dbe92409198a5e6eba.zip | |
Remove the tls1.0 and 1.1 related options from the openssl(1) toolkit
ok tb@
Diffstat (limited to 'src/usr.bin/openssl/s_server.c')
| -rw-r--r-- | src/usr.bin/openssl/s_server.c | 72 |
1 files changed, 5 insertions, 67 deletions
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c index a7f6146c4c..12eb90699e 100644 --- a/src/usr.bin/openssl/s_server.c +++ b/src/usr.bin/openssl/s_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_server.c,v 1.56 2023/03/06 14:32:06 tb Exp $ */ | 1 | /* $OpenBSD: s_server.c,v 1.57 2023/07/03 06:22:07 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -341,18 +341,6 @@ s_server_opt_protocol_version_dtls(void) | |||
| 341 | } | 341 | } |
| 342 | #endif | 342 | #endif |
| 343 | 343 | ||
| 344 | #ifndef OPENSSL_NO_DTLS1 | ||
| 345 | static int | ||
| 346 | s_server_opt_protocol_version_dtls1(void) | ||
| 347 | { | ||
| 348 | cfg.meth = DTLS_server_method(); | ||
| 349 | cfg.min_version = DTLS1_VERSION; | ||
| 350 | cfg.max_version = DTLS1_VERSION; | ||
| 351 | cfg.socket_type = SOCK_DGRAM; | ||
| 352 | return (0); | ||
| 353 | } | ||
| 354 | #endif | ||
| 355 | |||
| 356 | #ifndef OPENSSL_NO_DTLS1_2 | 344 | #ifndef OPENSSL_NO_DTLS1_2 |
| 357 | static int | 345 | static int |
| 358 | s_server_opt_protocol_version_dtls1_2(void) | 346 | s_server_opt_protocol_version_dtls1_2(void) |
| @@ -366,22 +354,6 @@ s_server_opt_protocol_version_dtls1_2(void) | |||
| 366 | #endif | 354 | #endif |
| 367 | 355 | ||
| 368 | static int | 356 | static int |
| 369 | s_server_opt_protocol_version_tls1(void) | ||
| 370 | { | ||
| 371 | cfg.min_version = TLS1_VERSION; | ||
| 372 | cfg.max_version = TLS1_VERSION; | ||
| 373 | return (0); | ||
| 374 | } | ||
| 375 | |||
| 376 | static int | ||
| 377 | s_server_opt_protocol_version_tls1_1(void) | ||
| 378 | { | ||
| 379 | cfg.min_version = TLS1_1_VERSION; | ||
| 380 | cfg.max_version = TLS1_1_VERSION; | ||
| 381 | return (0); | ||
| 382 | } | ||
| 383 | |||
| 384 | static int | ||
| 385 | s_server_opt_protocol_version_tls1_2(void) | 357 | s_server_opt_protocol_version_tls1_2(void) |
| 386 | { | 358 | { |
| 387 | cfg.min_version = TLS1_2_VERSION; | 359 | cfg.min_version = TLS1_2_VERSION; |
| @@ -648,14 +620,6 @@ static const struct option s_server_options[] = { | |||
| 648 | .opt.func = s_server_opt_protocol_version_dtls, | 620 | .opt.func = s_server_opt_protocol_version_dtls, |
| 649 | }, | 621 | }, |
| 650 | #endif | 622 | #endif |
| 651 | #ifndef OPENSSL_NO_DTLS1 | ||
| 652 | { | ||
| 653 | .name = "dtls1", | ||
| 654 | .desc = "Just use DTLSv1", | ||
| 655 | .type = OPTION_FUNC, | ||
| 656 | .opt.func = s_server_opt_protocol_version_dtls1, | ||
| 657 | }, | ||
| 658 | #endif | ||
| 659 | #ifndef OPENSSL_NO_DTLS1_2 | 623 | #ifndef OPENSSL_NO_DTLS1_2 |
| 660 | { | 624 | { |
| 661 | .name = "dtls1_2", | 625 | .name = "dtls1_2", |
| @@ -817,20 +781,6 @@ static const struct option s_server_options[] = { | |||
| 817 | .value = SSL_OP_NO_SSLv3, | 781 | .value = SSL_OP_NO_SSLv3, |
| 818 | }, | 782 | }, |
| 819 | { | 783 | { |
| 820 | .name = "no_tls1", | ||
| 821 | .desc = "Just disable TLSv1", | ||
| 822 | .type = OPTION_VALUE_OR, | ||
| 823 | .opt.value = &cfg.off, | ||
| 824 | .value = SSL_OP_NO_TLSv1, | ||
| 825 | }, | ||
| 826 | { | ||
| 827 | .name = "no_tls1_1", | ||
| 828 | .desc = "Just disable TLSv1.1", | ||
| 829 | .type = OPTION_VALUE_OR, | ||
| 830 | .opt.value = &cfg.off, | ||
| 831 | .value = SSL_OP_NO_TLSv1_1, | ||
| 832 | }, | ||
| 833 | { | ||
| 834 | .name = "no_tls1_2", | 784 | .name = "no_tls1_2", |
| 835 | .desc = "Just disable TLSv1.2", | 785 | .desc = "Just disable TLSv1.2", |
| 836 | .type = OPTION_VALUE_OR, | 786 | .type = OPTION_VALUE_OR, |
| @@ -935,18 +885,6 @@ static const struct option s_server_options[] = { | |||
| 935 | }, | 885 | }, |
| 936 | #endif | 886 | #endif |
| 937 | { | 887 | { |
| 938 | .name = "tls1", | ||
| 939 | .desc = "Just talk TLSv1", | ||
| 940 | .type = OPTION_FUNC, | ||
| 941 | .opt.func = s_server_opt_protocol_version_tls1, | ||
| 942 | }, | ||
| 943 | { | ||
| 944 | .name = "tls1_1", | ||
| 945 | .desc = "Just talk TLSv1.1", | ||
| 946 | .type = OPTION_FUNC, | ||
| 947 | .opt.func = s_server_opt_protocol_version_tls1_1, | ||
| 948 | }, | ||
| 949 | { | ||
| 950 | .name = "tls1_2", | 888 | .name = "tls1_2", |
| 951 | .desc = "Just talk TLSv1.2", | 889 | .desc = "Just talk TLSv1.2", |
| 952 | .type = OPTION_FUNC, | 890 | .type = OPTION_FUNC, |
| @@ -1050,17 +988,17 @@ sv_usage(void) | |||
| 1050 | " [-context id] [-crl_check] [-crl_check_all] [-crlf]\n" | 988 | " [-context id] [-crl_check] [-crl_check_all] [-crlf]\n" |
| 1051 | " [-dcert file] [-dcertform der | pem] [-debug]\n" | 989 | " [-dcert file] [-dcertform der | pem] [-debug]\n" |
| 1052 | " [-dhparam file] [-dkey file] [-dkeyform der | pem]\n" | 990 | " [-dhparam file] [-dkey file] [-dkeyform der | pem]\n" |
| 1053 | " [-dpass arg] [-dtls] [-dtls1] [-dtls1_2] [-groups list] [-HTTP]\n" | 991 | " [-dpass arg] [-dtls] [-dtls1_2] [-groups list] [-HTTP]\n" |
| 1054 | " [-id_prefix arg] [-key keyfile] [-key2 keyfile]\n" | 992 | " [-id_prefix arg] [-key keyfile] [-key2 keyfile]\n" |
| 1055 | " [-keyform der | pem] [-keymatexport label]\n" | 993 | " [-keyform der | pem] [-keymatexport label]\n" |
| 1056 | " [-keymatexportlen len] [-msg] [-mtu mtu] [-naccept num]\n" | 994 | " [-keymatexportlen len] [-msg] [-mtu mtu] [-naccept num]\n" |
| 1057 | " [-named_curve arg] [-nbio] [-nbio_test] [-no_cache]\n" | 995 | " [-named_curve arg] [-nbio] [-nbio_test] [-no_cache]\n" |
| 1058 | " [-no_dhe] [-no_ecdhe] [-no_ticket] [-no_tls1]\n" | 996 | " [-no_dhe] [-no_ecdhe] [-no_ticket] \n" |
| 1059 | " [-no_tls1_1] [-no_tls1_2] [-no_tls1_3] [-no_tmp_rsa]\n" | 997 | " [-no_tls1_2] [-no_tls1_3] [-no_tmp_rsa]\n" |
| 1060 | " [-nocert] [-pass arg] [-quiet] [-servername name]\n" | 998 | " [-nocert] [-pass arg] [-quiet] [-servername name]\n" |
| 1061 | " [-servername_fatal] [-serverpref] [-state] [-status]\n" | 999 | " [-servername_fatal] [-serverpref] [-state] [-status]\n" |
| 1062 | " [-status_timeout nsec] [-status_url url]\n" | 1000 | " [-status_timeout nsec] [-status_url url]\n" |
| 1063 | " [-status_verbose] [-timeout] [-tls1] [-tls1_1]\n" | 1001 | " [-status_verbose] [-timeout] \n" |
| 1064 | " [-tls1_2] [-tls1_3] [-tlsextdebug] [-use_srtp profiles]\n" | 1002 | " [-tls1_2] [-tls1_3] [-tlsextdebug] [-use_srtp profiles]\n" |
| 1065 | " [-Verify depth] [-verify depth] [-verify_return_error]\n" | 1003 | " [-Verify depth] [-verify depth] [-verify_return_error]\n" |
| 1066 | " [-WWW] [-www]\n"); | 1004 | " [-WWW] [-www]\n"); |