Ensure that we cannot negotiate TLSv1.1 or lower.

TLS versions prior to TLSv1.2 were disabled a while ago, however this
was done in the version handling code. Remove TLSv1.1 and earlier from
ssl_get_method() and add an explicit min version check in the legacy
client and server, to provide a stronger guarantee.

ok kenjiro@ tb@

3 files changed, 21 insertions, 13 deletions

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 22469ce346..6ef81a1706 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.170 2025/12/04 21:03:42 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.171 2026/04/03 12:58:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -233,6 +233,13 @@ ssl3_connect(SSL *s)
                                 goto end;
                         }
 
+                        /* Ensure that we cannot negotiate TLSv1.1 or lower. */
+                        if (s->s3->hs.our_min_tls_version < TLS1_2_VERSION) {
+                                SSLerror(s, ERR_R_INTERNAL_ERROR);
+                                ret = -1;
+                                goto end;
+                        }
+
                         if (!ssl_security_version(s,
                             s->s3->hs.our_min_tls_version)) {
                                 SSLerror(s, SSL_R_VERSION_TOO_LOW);
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index dee52decf1..dd620c1008 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.32 2024/07/23 14:40:54 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.33 2026/04/03 12:58:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -538,17 +538,11 @@ const SSL_METHOD *
 ssl_get_method(uint16_t version)
 {
         if (version == TLS1_3_VERSION)
-                return (TLS_method());
+                return TLS_method();
         if (version == TLS1_2_VERSION)
-                return (TLSv1_2_method());
-        if (version == TLS1_1_VERSION)
-                return (TLSv1_1_method());
-        if (version == TLS1_VERSION)
-                return (TLSv1_method());
-        if (version == DTLS1_VERSION)
-                return (DTLSv1_method());
+                return TLSv1_2_method();
         if (version == DTLS1_2_VERSION)
-                return (DTLSv1_2_method());
+                return DTLSv1_2_method();
 
-        return (NULL);
+        return NULL;
 }
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index ef93e283de..af4b20f6ce 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.167 2025/12/04 21:03:42 beck Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.168 2026/04/03 12:58:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -238,6 +238,13 @@ ssl3_accept(SSL *s)
                                 goto end;
                         }
 
+                        /* Ensure that we cannot negotiate TLSv1.1 or lower. */
+                        if (s->s3->hs.our_min_tls_version < TLS1_2_VERSION) {
+                                SSLerror(s, ERR_R_INTERNAL_ERROR);
+                                ret = -1;
+                                goto end;
+                        }
+
                         if (!ssl_security_version(s,
                             s->s3->hs.our_min_tls_version)) {
                                 SSLerror(s, SSL_R_VERSION_TOO_LOW);