diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-18 13:10:21 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-19 09:57:15 -0500 |
commit | 6b01bed206156dbcb1ab150f618c8b24c01fb0d0 (patch) | |
tree | 667ea072f731ab8904a121f5b57adb01e40df4af /apps/ciphers.c | |
parent | 6ada465fb258ae2c29668c59f3ec9b69dc38f8b3 (diff) |
Support disabling any or all TLS or DTLS versions
Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just
TLS 1.2. In the future they might want to disable TLS 1.2 and
enable just TLS 1.3, ...
This commit makes it possible to disable any or all of the TLS or
DTLS protocols. It also considerably simplifies the SSL/TLS tests,
by auto-generating the min/max version tests based on the set of
supported protocols (425 explicitly written out tests got replaced
by two loops that generate all 425 tests if all protocols are
enabled, fewer otherwise).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'apps/ciphers.c')
-rw-r--r-- | apps/ciphers.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/apps/ciphers.c b/apps/ciphers.c index 086ad43657..3e1ed951a2 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -78,15 +78,21 @@ OPTIONS ciphers_options[] = { {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, {"V", OPT_UPPER_V, '-', "Even more verbose"}, {"s", OPT_S, '-', "Only supported ciphers"}, +#ifndef OPENSSL_NO_SSL3 + {"ssl3", OPT_SSL3, '-', "SSL3 mode"}, +#endif +#ifndef OPENSSL_NO_TLS1 {"tls1", OPT_TLS1, '-', "TLS1 mode"}, +#endif +#ifndef OPENSSL_NO_TLS1_1 {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"}, +#endif +#ifndef OPENSSL_NO_TLS1_2 {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"}, +#endif #ifndef OPENSSL_NO_SSL_TRACE {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, #endif -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "SSL3 mode"}, -#endif #ifndef OPENSSL_NO_PSK {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"}, #endif @@ -153,13 +159,19 @@ int ciphers_main(int argc, char **argv) #endif break; case OPT_TLS1: +#ifndef OPENSSL_NO_TLS1 meth = TLSv1_client_method(); +#endif break; case OPT_TLS1_1: +#ifndef OPENSSL_NO_TLS1_1 meth = TLSv1_1_client_method(); +#endif break; case OPT_TLS1_2: +#ifndef OPENSSL_NO_TLS1_2 meth = TLSv1_2_client_method(); +#endif break; case OPT_PSK: #ifndef OPENSSL_NO_PSK |