artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4c21d31) | patch
Disable TLS 1.0 and TLS 1.1 in libssl
authorbeck <beck@openbsd.org>
Sun, 2 Jul 2023 17:21:32 +0000 (17:21 +0000)
committerbeck <beck@openbsd.org>
Sun, 2 Jul 2023 17:21:32 +0000 (17:21 +0000)
commit521ba2f2ab0e0e89d1776559874b3ecc227442fc
tree5cd10c853a93f4780c5d9797b7a06e68458bad9ftree | snapshot
parent4c21d318fc5909ffe35949b5bb782e779981cb62commit | diff
Disable TLS 1.0 and TLS 1.1 in libssl

Their time has long since past, and they should not be used.
This change restricts ssl to versions 1.2 and 1.3, and changes
the regression tests to understand we no longer speak the legacy
protocols.

For the moment the magical "golden" byte for byte comparison
tests of raw handshake values are disabled util jsing fixes them.

ok jsing@ tb@
lib/libssl/s3_lib.c diff | blob | history
lib/libssl/ssl_versions.c diff | blob | history
regress/lib/libssl/Makefile diff | blob | history
regress/lib/libssl/interop/version/Makefile diff | blob | history
regress/lib/libssl/ssl/ssltest.c diff | blob | history
regress/lib/libssl/ssl/testssl diff | blob | history
regress/lib/libssl/tls/tlstest.c diff | blob | history
regress/lib/libssl/tlsfuzzer/tlsfuzzer.py diff | blob | history
regress/lib/libssl/unit/ssl_versions.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim