From 659aa2178d089822ccf693dbe92409198a5e6eba Mon Sep 17 00:00:00 2001 From: beck <> Date: Mon, 3 Jul 2023 06:22:07 +0000 Subject: Remove the tls1.0 and 1.1 related options from the openssl(1) toolkit ok tb@ --- src/usr.bin/openssl/s_server.c | 72 +++--------------------------------------- 1 file changed, 5 insertions(+), 67 deletions(-) (limited to 'src/usr.bin/openssl/s_server.c') diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c index a7f6146c4c..12eb90699e 100644 --- a/src/usr.bin/openssl/s_server.c +++ b/src/usr.bin/openssl/s_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_server.c,v 1.56 2023/03/06 14:32:06 tb Exp $ */ +/* $OpenBSD: s_server.c,v 1.57 2023/07/03 06:22:07 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -341,18 +341,6 @@ s_server_opt_protocol_version_dtls(void) } #endif -#ifndef OPENSSL_NO_DTLS1 -static int -s_server_opt_protocol_version_dtls1(void) -{ - cfg.meth = DTLS_server_method(); - cfg.min_version = DTLS1_VERSION; - cfg.max_version = DTLS1_VERSION; - cfg.socket_type = SOCK_DGRAM; - return (0); -} -#endif - #ifndef OPENSSL_NO_DTLS1_2 static int s_server_opt_protocol_version_dtls1_2(void) @@ -365,22 +353,6 @@ s_server_opt_protocol_version_dtls1_2(void) } #endif -static int -s_server_opt_protocol_version_tls1(void) -{ - cfg.min_version = TLS1_VERSION; - cfg.max_version = TLS1_VERSION; - return (0); -} - -static int -s_server_opt_protocol_version_tls1_1(void) -{ - cfg.min_version = TLS1_1_VERSION; - cfg.max_version = TLS1_1_VERSION; - return (0); -} - static int s_server_opt_protocol_version_tls1_2(void) { @@ -648,14 +620,6 @@ static const struct option s_server_options[] = { .opt.func = s_server_opt_protocol_version_dtls, }, #endif -#ifndef OPENSSL_NO_DTLS1 - { - .name = "dtls1", - .desc = "Just use DTLSv1", - .type = OPTION_FUNC, - .opt.func = s_server_opt_protocol_version_dtls1, - }, -#endif #ifndef OPENSSL_NO_DTLS1_2 { .name = "dtls1_2", @@ -816,20 +780,6 @@ static const struct option s_server_options[] = { .opt.value = &cfg.off, .value = SSL_OP_NO_SSLv3, }, - { - .name = "no_tls1", - .desc = "Just disable TLSv1", - .type = OPTION_VALUE_OR, - .opt.value = &cfg.off, - .value = SSL_OP_NO_TLSv1, - }, - { - .name = "no_tls1_1", - .desc = "Just disable TLSv1.1", - .type = OPTION_VALUE_OR, - .opt.value = &cfg.off, - .value = SSL_OP_NO_TLSv1_1, - }, { .name = "no_tls1_2", .desc = "Just disable TLSv1.2", @@ -934,18 +884,6 @@ static const struct option s_server_options[] = { .opt.flag = &cfg.enable_timeouts, }, #endif - { - .name = "tls1", - .desc = "Just talk TLSv1", - .type = OPTION_FUNC, - .opt.func = s_server_opt_protocol_version_tls1, - }, - { - .name = "tls1_1", - .desc = "Just talk TLSv1.1", - .type = OPTION_FUNC, - .opt.func = s_server_opt_protocol_version_tls1_1, - }, { .name = "tls1_2", .desc = "Just talk TLSv1.2", @@ -1050,17 +988,17 @@ sv_usage(void) " [-context id] [-crl_check] [-crl_check_all] [-crlf]\n" " [-dcert file] [-dcertform der | pem] [-debug]\n" " [-dhparam file] [-dkey file] [-dkeyform der | pem]\n" - " [-dpass arg] [-dtls] [-dtls1] [-dtls1_2] [-groups list] [-HTTP]\n" + " [-dpass arg] [-dtls] [-dtls1_2] [-groups list] [-HTTP]\n" " [-id_prefix arg] [-key keyfile] [-key2 keyfile]\n" " [-keyform der | pem] [-keymatexport label]\n" " [-keymatexportlen len] [-msg] [-mtu mtu] [-naccept num]\n" " [-named_curve arg] [-nbio] [-nbio_test] [-no_cache]\n" - " [-no_dhe] [-no_ecdhe] [-no_ticket] [-no_tls1]\n" - " [-no_tls1_1] [-no_tls1_2] [-no_tls1_3] [-no_tmp_rsa]\n" + " [-no_dhe] [-no_ecdhe] [-no_ticket] \n" + " [-no_tls1_2] [-no_tls1_3] [-no_tmp_rsa]\n" " [-nocert] [-pass arg] [-quiet] [-servername name]\n" " [-servername_fatal] [-serverpref] [-state] [-status]\n" " [-status_timeout nsec] [-status_url url]\n" - " [-status_verbose] [-timeout] [-tls1] [-tls1_1]\n" + " [-status_verbose] [-timeout] \n" " [-tls1_2] [-tls1_3] [-tlsextdebug] [-use_srtp profiles]\n" " [-Verify depth] [-verify depth] [-verify_return_error]\n" " [-WWW] [-www]\n"); -- cgit v1.2.3-55-g6feb