Commit 3881d810 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

New option no-ssl3-method which removes SSLv3_*method



When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set, SSLv3_*method() and all -ssl3 options are
removed.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
parent 5a3d8eeb
+5 −0
@@ -854,6 +854,11 @@ PROCESS_ARGS:
					{
					$disabled{"tls1"} = "option(tls)"
					}
				elsif ($1 eq "ssl3-method")
					{
					$disabled{"ssl3-method"} = "option(ssl)";
					$disabled{"ssl3"} = "option(ssl)";
					}
				else
					{
					$disabled{$1} = "option";
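Review bot: The `ssl3-method` branch also sets `$disabled{"ssl3"}`, and nothing in the hunk explains that implication. A one-line comment above the two assignments, for example `# no-ssl3-method implies no-ssl3`, would make the dependency explicit for anyone auditing how a hardened build is derived from its configure flags. Judging by the branches shown, the reverse does not hold (plain `no-ssl3` appears to fall through to the generic `else`), and that is worth stating in the same comment. The surrounding if/elsif chain begins and ends outside the hunk.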
+3 −1
@@ -336,7 +336,9 @@ static void sc_usage(void)
	BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N);
#endif
	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
#ifndef OPENSSL_NO_SSL3_METHOD
	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
#endif
	BIO_printf(bio_err," -tls1_2       - just use TLSv1.2\n");
	BIO_printf(bio_err," -tls1_1       - just use TLSv1.1\n");
	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
@@ -914,7 +916,7 @@ static char *jpake_secret = NULL;
		else if	(strcmp(*argv,"-ssl2") == 0)
			meth=SSLv2_client_method();
#endif
#ifndef OPENSSL_NO_SSL3
#ifndef OPENSSL_NO_SSL3_METHOD
		else if	(strcmp(*argv,"-ssl3") == 0)
			meth=SSLv3_client_method();
#endif
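Review bot: The `-ssl3` branch in the second hunk is now compiled in whenever `OPENSSL_NO_SSL3_METHOD` is unset, so a build configured with only `no-ssl3` still lets the caller force `SSLv3_client_method()`, and neither the guard nor the usage line says so. I would add a comment above the guard, `/* -ssl3 stays available under no-ssl3 (SSLv3 off by default only); no-ssl3-method removes it */`, so that someone auditing a hardened build can see which macro actually removes the option. The old and new `#ifndef` lines are printed back to back here, so this assumes the `OPENSSL_NO_SSL3_METHOD` one is the new side. The same comment belongs on the `-ssl3` help line in `sc_usage` and on both hunks of the s_server section that follows. The option-parsing chain starts and ends outside the hunk.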
+3 −1
@@ -509,7 +509,9 @@ static void sv_usage(void)
	BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
#endif
	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
#ifndef OPENSSL_NO_SSL3_METHOD
	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
#endif
	BIO_printf(bio_err," -tls1_2       - Just talk TLSv1.2\n");
	BIO_printf(bio_err," -tls1_1       - Just talk TLSv1.1\n");
	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
@@ -1408,7 +1410,7 @@ int MAIN(int argc, char *argv[])
		else if	(strcmp(*argv,"-ssl2") == 0)
			{ meth=SSLv2_server_method(); }
#endif
#ifndef OPENSSL_NO_SSL3
#ifndef OPENSSL_NO_SSL3_METHOD
		else if	(strcmp(*argv,"-ssl3") == 0)
			{ meth=SSLv3_server_method(); }
#endif
+2 −1
@@ -167,9 +167,9 @@
#include <openssl/engine.h>
#endif

static const SSL_METHOD *ssl3_get_client_method(int ver);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);

#ifndef OPENSSL_NO_SSL3_METHOD
static const SSL_METHOD *ssl3_get_client_method(int ver)
	{
	if (ver == SSL3_VERSION)
@@ -182,6 +182,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
			ssl_undefined_function,
			ssl3_connect,
			ssl3_get_client_method)
#endif

int ssl3_connect(SSL *s)
	{
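Review bot: Wrapping `ssl3_get_client_method` and the `IMPLEMENT_ssl3_meth_func(SSLv3_client_method, ...)` expansion in `#ifndef OPENSSL_NO_SSL3_METHOD` removes the definition, but none of the sections shown on this page guards the matching declaration or any remaining callers. If the public prototype for `SSLv3_client_method()` is left unguarded, code built against a `no-ssl3-method` library compiles and only fails at link time, which hides the fact that the method was removed deliberately; the declaration should sit under the same `#ifndef`. It would also help to tag the closing line as `#endif /* OPENSSL_NO_SSL3_METHOD */`, since the guard opens in one hunk and closes in the next. Both points apply equally to `SSLv3_method` in the last file section. Part of the page did not load, so the header change may exist in a section not shown here.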
+2 −3
@@ -60,7 +60,7 @@
#include <openssl/objects.h>
#include "ssl_locl.h"

static const SSL_METHOD *ssl3_get_method(int ver);
#ifndef OPENSSL_NO_SSL3_METHOD
static const SSL_METHOD *ssl3_get_method(int ver)
	{
	if (ver == SSL3_VERSION)
@@ -73,5 +73,4 @@ IMPLEMENT_ssl3_meth_func(SSLv3_method,
			 ssl3_accept,
			 ssl3_connect,
			 ssl3_get_method)

#endif