Patch to add -tls switch to s_server. Using the switch allows TLS v1.0 or above for connections.
`meth
$ git diff apps/s_server.c
diff --git a/apps/s_server.c b/apps/s_server.c
index 1bac3b4..edda7db 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -314,6 +314,10 @@ static int s_quiet=0;
static int s_ign_eof=0;
static int s_brief=0;
+#ifndef OPENSSL_NO_TLS1
+static int tls_all = 0;
+#endif
+
static char *keymatexportlabel=NULL;
static int keymatexportlen=20;
@@ -572,6 +576,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -tls1_2 - Just talk TLSv1.2\n");
BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n");
BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
+ BIO_printf(bio_err," -tls - Talk TLSv1 or above\n");
BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
BIO_printf(bio_err," -dtls1_2 - Just talk DTLSv1.2\n");
BIO_printf(bio_err," -timeout - Enable timeouts\n");
@@ -1451,6 +1456,8 @@ int MAIN(int argc, char *argv[])
{ meth=SSLv3_server_method(); }
#endif
#ifndef OPENSSL_NO_TLS1
+ else if (strcmp(*argv,"-tls") == 0)
+ { tls_all = 1; }
else if (strcmp(*argv,"-tls1") == 0)
{ meth=TLSv1_server_method(); }
else if (strcmp(*argv,"-tls1_1") == 0)
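Review bot: The new `-tls` branch only sets `tls_all` and leaves `meth` untouched, so the effective protocol set depends on whichever other version switch is also on the command line. With `-ssl3 -tls` (in either order) `meth` stays `SSLv3_server_method()` while the later hunk disables SSLv3, which would presumably leave no negotiable version. With `-tls1 -tls` the server silently remains TLSv1-only despite the "TLSv1 or above" help text. Making the branch select the version-flexible method itself, `{ meth=SSLv23_server_method(); tls_all = 1; }`, and clearing `tls_all` in the fixed-version branches would give the same last-switch-wins behaviour as the neighbouring options. The default value of `meth` and the rest of the option loop in MAIN are outside this hunk, so confirm against the full function.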
@@ -1800,6 +1807,7 @@ bad:
SSL_CTX_set_quiet_shutdown(ctx,1);
if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
if (exc) ssl_ctx_set_excert(ctx, exc);
+ if (tls_all) SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
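Review bot: `tls_all` is declared only inside `#ifndef OPENSSL_NO_TLS1` in the first hunk, but the added `if (tls_all) SSL_CTX_set_options(...)` line is not under any such guard as far as this hunk shows. A build configured with OPENSSL_NO_TLS1 would therefore fail on an undeclared identifier. Either wrap the line in the same `#ifndef OPENSSL_NO_TLS1` / `#endif` pair or declare `tls_all` unconditionally. A short comment such as `/* -tls: version-flexible method with SSLv2/SSLv3 disabled, i.e. TLSv1.0 and later only */` would also record why these two options are set here. MAIN's body starts and ends outside the hunk.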
