diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2016-02-02 23:58:49 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2016-03-09 19:38:56 +0100 |
commit | 0d5301aff900970b09d2fe0c70d1038157d7638b (patch) | |
tree | eccb37f83a5388dee8ec57cbb90eb3b404ea3be0 /apps/ciphers.c | |
parent | 1fc7d6664a3d118f9d5de217c9ffd154ed9ddb6f (diff) |
Use minimum and maximum protocol version instead of version fixed methods
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1824
Diffstat (limited to 'apps/ciphers.c')
-rw-r--r-- | apps/ciphers.c | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/apps/ciphers.c b/apps/ciphers.c index 3e1ed951a2..924c0153b3 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -126,6 +126,7 @@ int ciphers_main(int argc, char **argv) char *ciphers = NULL, *prog; char buf[512]; OPTION_CHOICE o; + int min_version = 0, max_version = 0; prog = opt_init(argc, argv, ciphers_options); while ((o = opt_next()) != OPT_EOF) { @@ -154,24 +155,20 @@ int ciphers_main(int argc, char **argv) #endif break; case OPT_SSL3: -#ifndef OPENSSL_NO_SSL3 - meth = SSLv3_client_method(); -#endif + min_version = SSL3_VERSION; + max_version = SSL3_VERSION; break; case OPT_TLS1: -#ifndef OPENSSL_NO_TLS1 - meth = TLSv1_client_method(); -#endif + min_version = TLS1_VERSION; + max_version = TLS1_VERSION; break; case OPT_TLS1_1: -#ifndef OPENSSL_NO_TLS1_1 - meth = TLSv1_1_client_method(); -#endif + min_version = TLS1_1_VERSION; + max_version = TLS1_1_VERSION; break; case OPT_TLS1_2: -#ifndef OPENSSL_NO_TLS1_2 - meth = TLSv1_2_client_method(); -#endif + min_version = TLS1_2_VERSION; + max_version = TLS1_2_VERSION; break; case OPT_PSK: #ifndef OPENSSL_NO_PSK @@ -191,6 +188,11 @@ int ciphers_main(int argc, char **argv) ctx = SSL_CTX_new(meth); if (ctx == NULL) goto err; + if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) + goto err; + if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) + goto err; + #ifndef OPENSSL_NO_PSK if (psk) SSL_CTX_set_psk_client_callback(ctx, dummy_psk); |