Removes fixed version TLS methods.
Fixes #28343 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org> MergeDate: Tue Feb 24 21:19:39 2026 (Merged from https://github.com/openssl/openssl/pull/30128)
committed by
Neil Horman
parent
922a1f1bb2
commit
9a46c4c595
+11
-84
@@ -2,15 +2,9 @@
|
||||
|
||||
=head1 NAME
|
||||
|
||||
TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
|
||||
SSL_CTX_new, SSL_CTX_new_ex, SSL_CTX_up_ref, SSLv3_method,
|
||||
SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method,
|
||||
TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method,
|
||||
TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method,
|
||||
SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method,
|
||||
DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method,
|
||||
DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method,
|
||||
DTLSv1_2_client_method
|
||||
SSL_CTX_new, SSL_CTX_new_ex, SSL_CTX_up_ref, TLS_method, TLS_server_method,
|
||||
TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method,
|
||||
DTLS_method, DTLS_server_method, DTLS_client_method
|
||||
- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled
|
||||
functions
|
||||
|
||||
@@ -31,46 +25,10 @@ functions
|
||||
const SSL_METHOD *SSLv23_server_method(void);
|
||||
const SSL_METHOD *SSLv23_client_method(void);
|
||||
|
||||
#ifndef OPENSSL_NO_SSL3_METHOD
|
||||
const SSL_METHOD *SSLv3_method(void);
|
||||
const SSL_METHOD *SSLv3_server_method(void);
|
||||
const SSL_METHOD *SSLv3_client_method(void);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_METHOD
|
||||
const SSL_METHOD *TLSv1_method(void);
|
||||
const SSL_METHOD *TLSv1_server_method(void);
|
||||
const SSL_METHOD *TLSv1_client_method(void);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_1_METHOD
|
||||
const SSL_METHOD *TLSv1_1_method(void);
|
||||
const SSL_METHOD *TLSv1_1_server_method(void);
|
||||
const SSL_METHOD *TLSv1_1_client_method(void);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_2_METHOD
|
||||
const SSL_METHOD *TLSv1_2_method(void);
|
||||
const SSL_METHOD *TLSv1_2_server_method(void);
|
||||
const SSL_METHOD *TLSv1_2_client_method(void);
|
||||
#endif
|
||||
|
||||
const SSL_METHOD *DTLS_method(void);
|
||||
const SSL_METHOD *DTLS_server_method(void);
|
||||
const SSL_METHOD *DTLS_client_method(void);
|
||||
|
||||
#ifndef OPENSSL_NO_DTLS1_METHOD
|
||||
const SSL_METHOD *DTLSv1_method(void);
|
||||
const SSL_METHOD *DTLSv1_server_method(void);
|
||||
const SSL_METHOD *DTLSv1_client_method(void);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DTLS1_2_METHOD
|
||||
const SSL_METHOD *DTLSv1_2_method(void);
|
||||
const SSL_METHOD *DTLSv1_2_server_method(void);
|
||||
const SSL_METHOD *DTLSv1_2_client_method(void);
|
||||
#endif
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_CTX_new_ex() creates a new B<SSL_CTX> object, which holds various
|
||||
@@ -120,15 +78,6 @@ can be one of the following:
|
||||
|
||||
=over 4
|
||||
|
||||
=item TLS_method(), TLS_server_method(), TLS_client_method()
|
||||
|
||||
These are the general-purpose I<version-flexible> SSL/TLS methods.
|
||||
The actual protocol version used will be negotiated to the highest version
|
||||
mutually supported by the client and the server.
|
||||
The supported protocols are TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
|
||||
Applications should use these methods, and avoid the version-specific
|
||||
methods described below, which are deprecated.
|
||||
|
||||
=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
|
||||
|
||||
These functions do not exist anymore, they have been renamed to
|
||||
@@ -138,39 +87,17 @@ ones by preprocessor macros, to ensure that existing code which uses the
|
||||
old function names still compiles. However, using the old function names
|
||||
is deprecated and new code should call the new functions instead.
|
||||
|
||||
=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
|
||||
=item TLS_method(), TLS_server_method(), TLS_client_method()
|
||||
|
||||
A TLS/SSL connection established with these methods will only understand the
|
||||
TLSv1.2 protocol. These methods are deprecated.
|
||||
|
||||
=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
|
||||
|
||||
A TLS/SSL connection established with these methods will only understand the
|
||||
TLSv1.1 protocol. These methods are deprecated.
|
||||
|
||||
=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
|
||||
|
||||
A TLS/SSL connection established with these methods will only understand the
|
||||
TLSv1 protocol. These methods are deprecated.
|
||||
|
||||
=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
|
||||
|
||||
Starting in version 3.6 those functions always return NULL.
|
||||
These are the general-purpose I<version-flexible> SSL/TLS methods.
|
||||
The actual protocol version used will be negotiated to the highest version
|
||||
mutually supported by the client and the server.
|
||||
The supported protocols are TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
|
||||
|
||||
=item DTLS_method(), DTLS_server_method(), DTLS_client_method()
|
||||
|
||||
These are the version-flexible DTLS methods.
|
||||
Currently supported protocols are DTLS 1.0 and DTLS 1.2.
|
||||
|
||||
=item DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()
|
||||
|
||||
These are the version-specific methods for DTLSv1.2.
|
||||
These methods are deprecated.
|
||||
|
||||
=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
|
||||
|
||||
These are the version-specific methods for DTLSv1.
|
||||
These methods are deprecated.
|
||||
The supported protocols are DTLS 1.0 and DTLS 1.2.
|
||||
|
||||
=back
|
||||
|
||||
@@ -180,8 +107,6 @@ callbacks, the keys and certificates and the options to their default values.
|
||||
TLS_method(), TLS_server_method(), TLS_client_method(), DTLS_method(),
|
||||
DTLS_server_method() and DTLS_client_method() are the I<version-flexible>
|
||||
methods.
|
||||
All other methods only support one specific protocol version.
|
||||
Use the I<version-flexible> methods instead of the version specific methods.
|
||||
|
||||
If you want to limit the supported protocols for the version flexible
|
||||
methods you can use L<SSL_CTX_set_min_proto_version(3)>,
|
||||
@@ -247,6 +172,8 @@ All version-specific methods were deprecated in OpenSSL 1.1.0.
|
||||
|
||||
SSL_CTX_new_ex() was added in OpenSSL 3.0.
|
||||
|
||||
All version-specific methods were removed in OpenSSL 4.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
@@ -46,6 +46,22 @@ Memory leak detectors may report there is allocated, but still reachable,
|
||||
allocated memory at application exit. If clean report is desired, then
|
||||
application must call OPENSSL_cleanup() explicitly before main() returns.
|
||||
|
||||
=head3 Removal of fixed (D)TLS version method functions
|
||||
|
||||
SSLv3_method(), SSLv3_server_method(), SSLv3_client_method(),
|
||||
TLSv1_method(), TLSv1_server_method(), TLSv1_client_method(),
|
||||
TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method(),
|
||||
TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method(),
|
||||
DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method(),
|
||||
DTLSv1_2_method(), DTLSv1_2_server_method() and DTLSv1_2_client_method()
|
||||
were deprecated in the OpenSSL 1.1.0 release.
|
||||
|
||||
Migrating applications should use
|
||||
TLS_method(), TLS_server_method(), TLS_client_method(),
|
||||
TLS_method(), TLS_server_method(), TLS_client_method(),
|
||||
instead and set the version with the SSL_CTX_set_min_proto_version() and/or
|
||||
SSL_CTX_set_max_proto_version() api's.
|
||||
|
||||
=head3 Deprecation of EVP_MD_CTX_get0_md_data()
|
||||
|
||||
The function EVP_MD_CTX_get0_md_data() has been deprecated in 4.0. This function
|
||||
|
||||
+1
-1
@@ -69,7 +69,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
|
||||
return 0;
|
||||
|
||||
/* This only fuzzes the initial flow from the client so far. */
|
||||
ctx = SSL_CTX_new(SSLv23_method());
|
||||
ctx = SSL_CTX_new(TLS_method());
|
||||
if (ctx == NULL)
|
||||
goto end;
|
||||
|
||||
|
||||
+1
-1
@@ -2343,7 +2343,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
|
||||
return 0;
|
||||
|
||||
/* This only fuzzes the initial flow from the client so far. */
|
||||
ctx = SSL_CTX_new(SSLv23_method());
|
||||
ctx = SSL_CTX_new(TLS_method());
|
||||
OPENSSL_assert(ctx != NULL);
|
||||
ret = SSL_CTX_set_min_proto_version(ctx, 0);
|
||||
OPENSSL_assert(ret == 1);
|
||||
|
||||
@@ -2039,14 +2039,6 @@ OSSL_DEPRECATEDIN_3_0
|
||||
__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_SSL3_METHOD
|
||||
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_server_method(void);
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_client_method(void);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#define SSLv23_method TLS_method
|
||||
#define SSLv23_server_method TLS_server_method
|
||||
#define SSLv23_client_method TLS_client_method
|
||||
@@ -2056,47 +2048,6 @@ __owur const SSL_METHOD *TLS_method(void);
|
||||
__owur const SSL_METHOD *TLS_server_method(void);
|
||||
__owur const SSL_METHOD *TLS_client_method(void);
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_METHOD
|
||||
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_server_method(void);
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_client_method(void);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_1_METHOD
|
||||
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_server_method(void);
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_client_method(void);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_2_METHOD
|
||||
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_server_method(void);
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_client_method(void);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DTLS1_METHOD
|
||||
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_server_method(void);
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_client_method(void);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DTLS1_2_METHOD
|
||||
/* DTLSv1.2 */
|
||||
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_method(void);
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_server_method(void);
|
||||
OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_client_method(void);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
|
||||
__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
|
||||
__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
|
||||
|
||||
-104
@@ -162,107 +162,3 @@ IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
|
||||
DTLS_client_method,
|
||||
ssl_undefined_function,
|
||||
ossl_statem_connect, DTLSv1_2_enc_data)
|
||||
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
|
||||
#ifndef OPENSSL_NO_TLS1_2_METHOD
|
||||
const SSL_METHOD *TLSv1_2_method(void)
|
||||
{
|
||||
return tlsv1_2_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *TLSv1_2_server_method(void)
|
||||
{
|
||||
return tlsv1_2_server_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *TLSv1_2_client_method(void)
|
||||
{
|
||||
return tlsv1_2_client_method();
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_1_METHOD
|
||||
const SSL_METHOD *TLSv1_1_method(void)
|
||||
{
|
||||
return tlsv1_1_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *TLSv1_1_server_method(void)
|
||||
{
|
||||
return tlsv1_1_server_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *TLSv1_1_client_method(void)
|
||||
{
|
||||
return tlsv1_1_client_method();
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_TLS1_METHOD
|
||||
const SSL_METHOD *TLSv1_method(void)
|
||||
{
|
||||
return tlsv1_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *TLSv1_server_method(void)
|
||||
{
|
||||
return tlsv1_server_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *TLSv1_client_method(void)
|
||||
{
|
||||
return tlsv1_client_method();
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_SSL3_METHOD
|
||||
const SSL_METHOD *SSLv3_method(void)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const SSL_METHOD *SSLv3_server_method(void)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const SSL_METHOD *SSLv3_client_method(void)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DTLS1_2_METHOD
|
||||
const SSL_METHOD *DTLSv1_2_method(void)
|
||||
{
|
||||
return dtlsv1_2_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *DTLSv1_2_server_method(void)
|
||||
{
|
||||
return dtlsv1_2_server_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *DTLSv1_2_client_method(void)
|
||||
{
|
||||
return dtlsv1_2_client_method();
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DTLS1_METHOD
|
||||
const SSL_METHOD *DTLSv1_method(void)
|
||||
{
|
||||
return dtlsv1_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *DTLSv1_server_method(void)
|
||||
{
|
||||
return dtlsv1_server_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *DTLSv1_client_method(void)
|
||||
{
|
||||
return dtlsv1_client_method();
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
@@ -345,27 +345,9 @@ SSL_get_error ? 4_0_0 EXIST::FUNCTION:
|
||||
SSL_get_version ? 4_0_0 EXIST::FUNCTION:
|
||||
SSL_get_handshake_rtt ? 4_0_0 EXIST::FUNCTION:
|
||||
SSL_CTX_set_ssl_version ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
|
||||
SSLv3_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
|
||||
SSLv3_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
|
||||
SSLv3_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
|
||||
TLS_method ? 4_0_0 EXIST::FUNCTION:
|
||||
TLS_server_method ? 4_0_0 EXIST::FUNCTION:
|
||||
TLS_client_method ? 4_0_0 EXIST::FUNCTION:
|
||||
TLSv1_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
|
||||
TLSv1_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
|
||||
TLSv1_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
|
||||
TLSv1_1_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
|
||||
TLSv1_1_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
|
||||
TLSv1_1_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
|
||||
TLSv1_2_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
|
||||
TLSv1_2_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
|
||||
TLSv1_2_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
|
||||
DTLSv1_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
|
||||
DTLSv1_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
|
||||
DTLSv1_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
|
||||
DTLSv1_2_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
|
||||
DTLSv1_2_server_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
|
||||
DTLSv1_2_client_method ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
|
||||
DTLS_method ? 4_0_0 EXIST::FUNCTION:
|
||||
DTLS_server_method ? 4_0_0 EXIST::FUNCTION:
|
||||
DTLS_client_method ? 4_0_0 EXIST::FUNCTION:
|
||||
|
||||