CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/02 11:21:33
Modified files:
lib/libssl : s3_lib.c ssl_versions.c
regress/lib/libssl: Makefile
regress/lib/libssl/interop/version: Makefile
regress/lib/libssl/ssl: ssltest.c testssl
regress/lib/libssl/tls: tlstest.c
regress/lib/libssl/tlsfuzzer: tlsfuzzer.py
regress/lib/libssl/unit: ssl_versions.c
Log message:
Disable TLS 1.0 and TLS 1.1 in libssl
Their time has long since past, and they should not be used.
This change restricts ssl to versions 1.2 and 1.3, and changes
the regression tests to understand we no longer speak the legacy
protocols.
For the moment the magical "golden" byte for byte comparison
tests of raw handshake values are disabled util jsing fixes them.
ok jsing@ tb@
