diff options
| author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-18 13:10:21 -0500 |
|---|---|---|
| committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-19 09:57:15 -0500 |
| commit | 6b01bed206156dbcb1ab150f618c8b24c01fb0d0 (patch) | |
| tree | 667ea072f731ab8904a121f5b57adb01e40df4af /apps/s_client.c | |
| parent | 6ada465fb258ae2c29668c59f3ec9b69dc38f8b3 (diff) | |
Support disabling any or all TLS or DTLS versions
Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just
TLS 1.2. In the future they might want to disable TLS 1.2 and
enable just TLS 1.3, ...
This commit makes it possible to disable any or all of the TLS or
DTLS protocols. It also considerably simplifies the SSL/TLS tests,
by auto-generating the min/max version tests based on the set of
supported protocols (425 explicitly written out tests got replaced
by two loops that generate all 425 tests if all protocols are
enabled, fewer otherwise).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'apps/s_client.c')
| -rw-r--r-- | apps/s_client.c | 45 |
1 files changed, 31 insertions, 14 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 6d6ad6910c..4dea7c460a 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -675,9 +675,6 @@ OPTIONS s_client_options[] = { {"quiet", OPT_QUIET, '-', "No s_client output"}, {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"}, {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"}, - {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, - {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"}, - {"tls1", OPT_TLS1, '-', "Just use TLSv1"}, {"starttls", OPT_STARTTLS, 's', "Use the appropriate STARTTLS command before starting TLS"}, {"xmpphost", OPT_XMPPHOST, 's', @@ -727,13 +724,26 @@ OPTIONS s_client_options[] = { #ifndef OPENSSL_NO_SSL3 {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, #endif +#ifndef OPENSSL_NO_TLS1 + {"tls1", OPT_TLS1, '-', "Just use TLSv1"}, +#endif +#ifndef OPENSSL_NO_TLS1_1 + {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"}, +#endif +#ifndef OPENSSL_NO_TLS1_2 + {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, +#endif #ifndef OPENSSL_NO_DTLS {"dtls", OPT_DTLS, '-'}, - {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"}, - {"dtls1_2", OPT_DTLS1_2, '-'}, {"timeout", OPT_TIMEOUT, '-'}, {"mtu", OPT_MTU, 'p', "Set the link layer MTU"}, #endif +#ifndef OPENSSL_NO_DTLS1 + {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"}, +#endif +#ifndef OPENSSL_NO_DTLS1_2 + {"dtls1_2", OPT_DTLS1_2, '-'}, +#endif #ifndef OPENSSL_NO_SSL_TRACE {"trace", OPT_TRACE, '-'}, #endif @@ -1108,41 +1118,48 @@ int s_client_main(int argc, char **argv) #endif break; case OPT_TLS1_2: +#ifndef OPENSSL_NO_TLS1_2 meth = TLSv1_2_client_method(); +#endif break; case OPT_TLS1_1: +#ifndef OPENSSL_NO_TLS1_1 meth = TLSv1_1_client_method(); +#endif break; case OPT_TLS1: +#ifndef OPENSSL_NO_TLS1 meth = TLSv1_client_method(); +#endif break; -#ifndef OPENSSL_NO_DTLS case OPT_DTLS: +#ifndef OPENSSL_NO_DTLS meth = DTLS_client_method(); socket_type = SOCK_DGRAM; +#endif break; case OPT_DTLS1: +#ifndef OPENSSL_NO_DTLS1 meth = DTLSv1_client_method(); socket_type = SOCK_DGRAM; +#endif break; case OPT_DTLS1_2: +#ifndef OPENSSL_NO_DTLS1_2 meth = DTLSv1_2_client_method(); socket_type = SOCK_DGRAM; +#endif break; case OPT_TIMEOUT: +#ifndef OPENSSL_NO_DTLS enable_timeouts = 1; +#endif break; case OPT_MTU: +#ifndef OPENSSL_NO_DTLS socket_mtu = atol(opt_arg()); - break; -#else - case OPT_DTLS: - case OPT_DTLS1: - case OPT_DTLS1_2: - case OPT_TIMEOUT: - case OPT_MTU: - break; #endif + break; case OPT_FALLBACKSCSV: fallback_scsv = 1; break; |