From: Dr. Stephen Henson
Date: Sun, 9 Oct 2011 23:26:39 +0000 (+0000)
Subject: Don't disable TLS v1.2 by default now.
X-Git-Tag: OpenSSL-fips-2_0-rc1~92
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7d7c13cbab72b5afb37797fda8e8ac46af49a716;p=oweals%2Fopenssl.git
Don't disable TLS v1.2 by default now.
---
diff --git a/apps/s_client.c b/apps/s_client.c
index 683169aa68..ef45e43cd1 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1106,9 +1106,6 @@ bad:
 SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
 }
 #endif
- /* HACK while TLS v1.2 is disabled by default */
- if (!(off & SSL_OP_NO_TLSv1_2))
- SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
 if (bugs)
 SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
 else
diff --git a/apps/s_server.c b/apps/s_server.c
index 17ee441009..35b24ee54a 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1526,9 +1526,6 @@ bad:
 SSL_CTX_set_quiet_shutdown(ctx,1);
 if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
- /* HACK while TLS v1.2 is disabled by default */
- if (!(off & SSL_OP_NO_TLSv1_2))
- SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
 SSL_CTX_set_options(ctx,off);
 /* DTLS: partial reads end up discarding unread UDP bytes :-(
 * Setting read ahead solves this problem.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c983474f58..3a87572b39 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1849,8 +1849,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 * deployed might change this.
 */
 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
- /* Disable TLS v1.2 by default for now */
- ret->options |= SSL_OP_NO_TLSv1_2;
 return(ret);
 err: