Bring back no_tls1 and no_tls1_1 as undocumented silently discarded opitons

While I'm here, change the no_ssl2 and no_ssl3 options to use
OPTION_DISCARD as well instead of continuing to set a no-op
option flag.

ok jsing@ tb@

diff --git a/usr.bin/openssl/s_client.c b/usr.bin/openssl/s_client.c
index 21bb632..e5a6b00 100644 (file)
--- a/usr.bin/openssl/s_client.c
+++ b/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.61 2023/07/03 06:22:07 beck Exp $ */
+/* $OpenBSD: s_client.c,v 1.62 2023/07/03 08:03:56 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -623,6 +623,14 @@ static const struct option s_client_options[] = {
                .opt.value = &cfg.off,
                .value = SSL_OP_NO_TICKET,
        },
+       {
+               .name = "no_tls1",
+               .type = OPTION_DISCARD,
+       },
+       {
+               .name = "no_tls1_1",
+               .type = OPTION_DISCARD,
+       },
        {
                .name = "no_tls1_2",
                .desc = "Disable the use of TLSv1.2",

diff --git a/usr.bin/openssl/s_server.c b/usr.bin/openssl/s_server.c
index 12eb906..95fe633 100644 (file)
--- a/usr.bin/openssl/s_server.c
+++ b/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.57 2023/07/03 06:22:07 beck Exp $ */
+/* $OpenBSD: s_server.c,v 1.58 2023/07/03 08:03:56 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -770,15 +770,19 @@ static const struct option s_server_options[] = {
        },
        {
                .name = "no_ssl2",
-               .type = OPTION_VALUE_OR,
-               .opt.value = &cfg.off,
-               .value = SSL_OP_NO_SSLv2,
+               .type = OPTION_DISCARD,
        },
        {
                .name = "no_ssl3",
-               .type = OPTION_VALUE_OR,
-               .opt.value = &cfg.off,
-               .value = SSL_OP_NO_SSLv3,
+               .type = OPTION_DISCARD,
+       },
+       {
+               .name = "no_tls1",
+               .type = OPTION_DISCARD,
+       },
+       {
+               .name = "no_tls1_1",
+               .type = OPTION_DISCARD,
        },
        {
                .name = "no_tls1_2",