If all versions of a proto are disabled, disabled the proto as well

For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls'

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2670)
(cherry picked from commit 343a7467c270c54a8e1c85e88e807a1c2e0b6127)

diff --git a/Configure b/Configure
index aee7cc3fc9cf366ca116b567faedebbd436b2294..9a25da5e81562bed5ce4326e8f7074ca31866af1 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -456,6 +456,8 @@ my @disable_cascades = (
     "dgram"            => [ "dtls", "sctp" ],
     "sock"             => [ "dgram" ],
     "dtls"             => [ @dtls ],
+    sub { 0 == scalar grep { !$disabled{$_} } @dtls }
+                       => [ "dtls" ],
 
     # SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
     "md5"              => [ "ssl", "tls1", "tls1_1", "dtls1" ],
@@ -476,6 +478,8 @@ my @disable_cascades = (
                             "dtls1", "dtls1_2" ],
 
     "tls"              => [ @tls ],
+    sub { 0 == scalar grep { !$disabled{$_} } @tls }
+                       => [ "tls" ],
 
     # SRP and HEARTBEATS require TLSEXT
     "tlsext"           => [ "srp", "heartbeats" ],