From 659aa2178d089822ccf693dbe92409198a5e6eba Mon Sep 17 00:00:00 2001 From: beck <> Date: Mon, 3 Jul 2023 06:22:07 +0000 Subject: Remove the tls1.0 and 1.1 related options from the openssl(1) toolkit ok tb@ --- src/usr.bin/openssl/s_client.c | 70 +++--------------------------------------- 1 file changed, 4 insertions(+), 66 deletions(-) (limited to 'src/usr.bin/openssl/s_client.c') diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c index 82a8128243..21bb632810 100644 --- a/src/usr.bin/openssl/s_client.c +++ b/src/usr.bin/openssl/s_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_client.c,v 1.60 2023/03/06 14:32:06 tb Exp $ */ +/* $OpenBSD: s_client.c,v 1.61 2023/07/03 06:22:07 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -296,18 +296,6 @@ s_client_opt_protocol_version_dtls(void) } #endif -#ifndef OPENSSL_NO_DTLS1 -static int -s_client_opt_protocol_version_dtls1(void) -{ - cfg.meth = DTLS_client_method(); - cfg.min_version = DTLS1_VERSION; - cfg.max_version = DTLS1_VERSION; - cfg.socket_type = SOCK_DGRAM; - return (0); -} -#endif - #ifndef OPENSSL_NO_DTLS1_2 static int s_client_opt_protocol_version_dtls1_2(void) @@ -320,22 +308,6 @@ s_client_opt_protocol_version_dtls1_2(void) } #endif -static int -s_client_opt_protocol_version_tls1(void) -{ - cfg.min_version = TLS1_VERSION; - cfg.max_version = TLS1_VERSION; - return (0); -} - -static int -s_client_opt_protocol_version_tls1_1(void) -{ - cfg.min_version = TLS1_1_VERSION; - cfg.max_version = TLS1_1_VERSION; - return (0); -} - static int s_client_opt_protocol_version_tls1_2(void) { @@ -505,14 +477,6 @@ static const struct option s_client_options[] = { .opt.func = s_client_opt_protocol_version_dtls, }, #endif -#ifndef OPENSSL_NO_DTLS1 - { - .name = "dtls1", - .desc = "Just use DTLSv1", - .type = OPTION_FUNC, - .opt.func = s_client_opt_protocol_version_dtls1, - }, -#endif #ifndef OPENSSL_NO_DTLS1_2 { .name = "dtls1_2", @@ -659,20 +623,6 @@ static const struct option s_client_options[] = { .opt.value = &cfg.off, .value = SSL_OP_NO_TICKET, }, - { - .name = "no_tls1", - .desc = "Disable the use of TLSv1", - .type = OPTION_VALUE_OR, - .opt.value = &cfg.off, - .value = SSL_OP_NO_TLSv1, - }, - { - .name = "no_tls1_1", - .desc = "Disable the use of TLSv1.1", - .type = OPTION_VALUE_OR, - .opt.value = &cfg.off, - .value = SSL_OP_NO_TLSv1_1, - }, { .name = "no_tls1_2", .desc = "Disable the use of TLSv1.2", @@ -805,18 +755,6 @@ static const struct option s_client_options[] = { .opt.flag = &cfg.enable_timeouts, }, #endif - { - .name = "tls1", - .desc = "Just use TLSv1", - .type = OPTION_FUNC, - .opt.func = s_client_opt_protocol_version_tls1, - }, - { - .name = "tls1_1", - .desc = "Just use TLSv1.1", - .type = OPTION_FUNC, - .opt.func = s_client_opt_protocol_version_tls1_1, - }, { .name = "tls1_2", .desc = "Just use TLSv1.2", @@ -880,17 +818,17 @@ sc_usage(void) "[-4 | -6] [-alpn protocols] [-bugs] [-CAfile file]\n" " [-CApath directory] [-cert file] [-certform der | pem] [-check_ss_sig]\n" " [-cipher cipherlist] [-connect host[:port]] [-crl_check]\n" - " [-crl_check_all] [-crlf] [-debug] [-dtls] [-dtls1] [-dtls1_2] [-extended_crl]\n" + " [-crl_check_all] [-crlf] [-debug] [-dtls] [-dtls1_2] [-extended_crl]\n" " [-groups list] [-host host] [-ign_eof] [-ignore_critical]\n" " [-issuer_checks] [-key keyfile] [-keyform der | pem]\n" " [-keymatexport label] [-keymatexportlen len] [-legacy_server_connect]\n" " [-msg] [-mtu mtu] [-nbio] [-nbio_test] [-no_comp] [-no_ign_eof]\n" - " [-no_legacy_server_connect] [-no_ticket] [-no_tls1] [-no_tls1_1]\n" + " [-no_legacy_server_connect] [-no_ticket] \n" " [-no_tls1_2] [-no_tls1_3] [-pass arg] [-pause] [-policy_check]\n" " [-port port] [-prexit] [-proxy host:port] [-quiet] [-reconnect]\n" " [-servername name] [-serverpref] [-sess_in file] [-sess_out file]\n" " [-showcerts] [-starttls protocol] [-state] [-status] [-timeout]\n" - " [-tls1] [-tls1_1] [-tls1_2] [-tls1_3] [-tlsextdebug]\n" + " [-tls1_2] [-tls1_3] [-tlsextdebug]\n" " [-use_srtp profiles] [-verify depth] [-verify_return_error]\n" " [-x509_strict] [-xmpphost host]\n"); fprintf(stderr, "\n"); -- cgit v1.2.3-55-g6feb