From b5c24d4f5d3503c531fc617a12c82bf02ffeab45 Mon Sep 17 00:00:00 2001
From: beck
Date: Mon, 3 Jul 2023 08:03:56 +0000
Subject: [PATCH] Bring back no_tls1 and no_tls1_1 as undocumented silently discarded opitons While I'm here, change the no_ssl2 and no_ssl3 options to use OPTION_DISCARD as well instead of continuing to set a no-op option flag. ok jsing@ tb@
---
usr.bin/openssl/s_client.c | 10 +++++++++-
usr.bin/openssl/s_server.c | 18 +++++++++++-------
2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/usr.bin/openssl/s_client.c b/usr.bin/openssl/s_client.c
index 21bb632810e..e5a6b006b4e 100644
--- a/usr.bin/openssl/s_client.c
+++ b/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.61 2023/07/03 06:22:07 beck Exp $ */
+/* $OpenBSD: s_client.c,v 1.62 2023/07/03 08:03:56 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -623,6 +623,14 @@ static const struct option s_client_options[] = {
 .opt.value = &cfg.off,
 .value = SSL_OP_NO_TICKET,
 },
+ {
+ .name = "no_tls1",
+ .type = OPTION_DISCARD,
+ },
+ {
+ .name = "no_tls1_1",
+ .type = OPTION_DISCARD,
+ },
 {
 .name = "no_tls1_2",
 .desc = "Disable the use of TLSv1.2",
diff --git a/usr.bin/openssl/s_server.c b/usr.bin/openssl/s_server.c
index 12eb90699e7..95fe633ef1e 100644
--- a/usr.bin/openssl/s_server.c
+++ b/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.57 2023/07/03 06:22:07 beck Exp $ */
+/* $OpenBSD: s_server.c,v 1.58 2023/07/03 08:03:56 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
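Review bot: The two entries added to `s_client_options` in the s_client.c hunk accept `-no_tls1` and `-no_tls1_1` and discard them with no comment and no `.desc`, so a caller who passes them to keep a connection off TLSv1.0/1.1 gets no sign that the flag does nothing. That is only safe if the linked libssl can no longer negotiate those versions, which is presumably the case but is not visible in this patch. I would add a comment above the first entry, for example `/* Accepted and ignored for compatibility: TLSv1.0/1.1 cannot be negotiated, so there is nothing to disable. */`, after confirming that against the library. The same two entries are added to `s_server_options` in the s_server.c hunk and would take the same comment; both option tables start and end outside the hunks.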
@@ -770,15 +770,19 @@ static const struct option s_server_options[] = {
 },
 {
 .name = "no_ssl2",
- .type = OPTION_VALUE_OR,
- .opt.value = &cfg.off,
- .value = SSL_OP_NO_SSLv2,
+ .type = OPTION_DISCARD,
 },
 {
 .name = "no_ssl3",
- .type = OPTION_VALUE_OR,
- .opt.value = &cfg.off,
- .value = SSL_OP_NO_SSLv3,
+ .type = OPTION_DISCARD,
+ },
+ {
+ .name = "no_tls1",
+ .type = OPTION_DISCARD,
+ },
+ {
+ .name = "no_tls1_1",
+ .type = OPTION_DISCARD,
 },
 {
 .name = "no_tls1_2",
-- 
2.20.1
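Review bot: Changing `no_ssl2` and `no_ssl3` from `OPTION_VALUE_OR` to `OPTION_DISCARD` preserves behaviour only while `SSL_OP_NO_SSLv2` and `SSL_OP_NO_SSLv3` are no-op flags, as the commit message states; their definitions are not part of this hunk. Once the entries stop touching `cfg.off`, nothing in the table records why they exist, and a later reader cannot tell a deliberate compatibility shim from a dropped protection. A one-line comment on each entry would make the intent auditable, for example `/* SSL_OP_NO_SSLv3 is a no-op flag; option kept so existing command lines still parse. */`. The `s_server_options` table begins and ends outside the hunk.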