summaryrefslogtreecommitdiff
path: root/src/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/s3_lib.c4
-rw-r--r--src/lib/libssl/ssl_versions.c12
2 files changed, 4 insertions, 12 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 37ca7bd113..7561060120 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.244 2023/05/26 13:44:05 tb Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.245 2023/07/02 17:21:32 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1672,7 +1672,7 @@ ssl3_clear(SSL *s)
1672 s->s3->in_read_app_data = 0; 1672 s->s3->in_read_app_data = 0;
1673 1673
1674 s->packet_length = 0; 1674 s->packet_length = 0;
1675 s->version = TLS1_VERSION; 1675 s->version = TLS1_2_VERSION;
1676 1676
1677 s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); 1677 s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
1678} 1678}
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c
index fbc0004f4b..8273546062 100644
--- a/src/lib/libssl/ssl_versions.c
+++ b/src/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_versions.c,v 1.26 2022/11/26 16:08:56 tb Exp $ */ 1/* $OpenBSD: ssl_versions.c,v 1.27 2023/07/02 17:21:32 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -150,11 +150,7 @@ ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
150 options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2; 150 options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2;
151 } 151 }
152 152
153 if ((options & SSL_OP_NO_TLSv1) == 0) 153 if ((options & SSL_OP_NO_TLSv1_2) == 0)
154 min_version = TLS1_VERSION;
155 else if ((options & SSL_OP_NO_TLSv1_1) == 0)
156 min_version = TLS1_1_VERSION;
157 else if ((options & SSL_OP_NO_TLSv1_2) == 0)
158 min_version = TLS1_2_VERSION; 154 min_version = TLS1_2_VERSION;
159 else if ((options & SSL_OP_NO_TLSv1_3) == 0) 155 else if ((options & SSL_OP_NO_TLSv1_3) == 0)
160 min_version = TLS1_3_VERSION; 156 min_version = TLS1_3_VERSION;
@@ -162,10 +158,6 @@ ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
162 if ((options & SSL_OP_NO_TLSv1_3) && min_version < TLS1_3_VERSION) 158 if ((options & SSL_OP_NO_TLSv1_3) && min_version < TLS1_3_VERSION)
163 max_version = TLS1_2_VERSION; 159 max_version = TLS1_2_VERSION;
164 if ((options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION) 160 if ((options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION)
165 max_version = TLS1_1_VERSION;
166 if ((options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION)
167 max_version = TLS1_VERSION;
168 if ((options & SSL_OP_NO_TLSv1) && min_version < TLS1_VERSION)
169 max_version = 0; 161 max_version = 0;
170 162
171 /* Everything has been disabled... */ 163 /* Everything has been disabled... */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-08 13:44:00 +0000