CVSROOT: /cvs Module name: src Changes by: b...@cvs.openbsd.org 2023/07/02 11:21:33
Modified files: lib/libssl : s3_lib.c ssl_versions.c regress/lib/libssl: Makefile regress/lib/libssl/interop/version: Makefile regress/lib/libssl/ssl: ssltest.c testssl regress/lib/libssl/tls: tlstest.c regress/lib/libssl/tlsfuzzer: tlsfuzzer.py regress/lib/libssl/unit: ssl_versions.c Log message: Disable TLS 1.0 and TLS 1.1 in libssl Their time has long since past, and they should not be used. This change restricts ssl to versions 1.2 and 1.3, and changes the regression tests to understand we no longer speak the legacy protocols. For the moment the magical "golden" byte for byte comparison tests of raw handshake values are disabled util jsing fixes them. ok jsing@ tb@