3 files changed, 3 insertions, 54 deletions

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index b5b4ff4d31..9783885cd7 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.79 2023/05/05 21:23:02 tb Exp $
+# $OpenBSD: Makefile,v 1.80 2023/07/06 07:56:32 beck Exp $
 
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -19,10 +19,6 @@ CFLAGS+= -DLIBRESSL_INTERNAL
 .ifdef NAMESPACE
 CFLAGS+= -DLIBRESSL_NAMESPACE
 .endif
-.ifdef TLS1_3
-CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT
-CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
-.endif
 .ifdef TLS1_3_DEBUG
 CFLAGS+= -DTLS13_DEBUG
 .endif
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
index cb38e5f91c..9666f3882a 100644
--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.6 2023/05/26 13:44:05 tb Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.7 2023/07/06 07:56:32 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -174,18 +174,6 @@ __BEGIN_HIDDEN_DECLS
 #define LIBRESSL_HAS_DTLS1_2
 #endif
 
-#ifndef LIBRESSL_HAS_TLS1_3_CLIENT
-#define LIBRESSL_HAS_TLS1_3_CLIENT
-#endif
-
-#ifndef LIBRESSL_HAS_TLS1_3_SERVER
-#define LIBRESSL_HAS_TLS1_3_SERVER
-#endif
-
-#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) || defined(LIBRESSL_HAS_TLS1_3_SERVER)
-#define LIBRESSL_HAS_TLS1_3
-#endif
-
 /* LOCAL STUFF */
 
 #define SSL_DECRYPT     0
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index dac28011f4..8e89ef632e 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.29 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.30 2023/07/06 07:56:32 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -240,7 +240,6 @@ DTLS_server_method(void)
         return &DTLS_method_data;
 }
 
-#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
 static const SSL_METHOD TLS_method_data = {
         .dtls = 0,
         .server = 1,
@@ -261,7 +260,6 @@ static const SSL_METHOD TLS_method_data = {
         .get_cipher = ssl3_get_cipher,
         .enc_flags = TLSV1_3_ENC_FLAGS,
 };
-#endif
 
 static const SSL_METHOD TLS_legacy_method_data = {
         .dtls = 0,
@@ -284,7 +282,6 @@ static const SSL_METHOD TLS_legacy_method_data = {
         .enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
-#if defined(LIBRESSL_HAS_TLS1_3_CLIENT)
 static const SSL_METHOD TLS_client_method_data = {
         .dtls = 0,
         .server = 0,
@@ -306,30 +303,6 @@ static const SSL_METHOD TLS_client_method_data = {
         .enc_flags = TLSV1_3_ENC_FLAGS,
 };
 
-#else
-
-static const SSL_METHOD TLS_legacy_client_method_data = {
-        .dtls = 0,
-        .server = 0,
-        .version = TLS1_2_VERSION,
-        .min_tls_version = TLS1_VERSION,
-        .max_tls_version = TLS1_2_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl_undefined_function,
-        .ssl_renegotiate_check = ssl_ok,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .get_cipher = ssl3_get_cipher,
-        .enc_flags = TLSV1_2_ENC_FLAGS,
-};
-#endif
-
 static const SSL_METHOD TLSv1_method_data = {
         .dtls = 0,
         .server = 1,
@@ -459,21 +432,13 @@ static const SSL_METHOD TLSv1_2_client_method_data = {
 const SSL_METHOD *
 TLS_client_method(void)
 {
-#if defined(LIBRESSL_HAS_TLS1_3_CLIENT)
         return (&TLS_client_method_data);
-#else
-        return (&TLS_legacy_client_method_data);
-#endif
 }
 
 const SSL_METHOD *
 TLS_method(void)
 {
-#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
         return (&TLS_method_data);
-#else
-        return tls_legacy_method();
-#endif
 }
 
 const SSL_METHOD *