From: Max Fillinger Date: Tue, 18 Jun 2024 12:02:19 +0000 (+0200) Subject: mbedtls: Remove support for old TLS versions X-Git-Tag: v2.7_alpha1~247 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=013c119af96bc57c41e04e4a8f64b5d80e2e9ba6;p=thirdparty%2Fopenvpn.git mbedtls: Remove support for old TLS versions Recent versions of mbedtls have dropped support for TLS 1.0 and 1.1. Rather than checking which versions are supported, drop support for everything before 1.2. Change-Id: Ia3883a26ac26df6bbb5353fb074a2e0f814737be Signed-off-by: Max Fillinger Acked-by: Arne Schwabe Message-Id: <20240618120219.5053-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28773.html Signed-off-by: Gert Doering
---
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index a68588e84..ec9ec13a3 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -1040,12 +1040,8 @@ tls_version_max(void)
 {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 return TLS_VER_1_2;
-#elif defined(MBEDTLS_SSL_PROTO_TLS1_1)
- return TLS_VER_1_1;
-#elif defined(MBEDTLS_SSL_PROTO_TLS1)
- return TLS_VER_1_0;
 #else /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */
- #error "mbedtls is compiled without support for TLS 1.0, 1.1 and 1.2."
+ #error "mbedtls is compiled without support for TLS 1.2."
 #endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */
 }

@@ -1067,20 +1063,6 @@ tls_version_to_major_minor(int tls_ver, int *major, int *minor)

 switch (tls_ver)
 {
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
- case TLS_VER_1_0:
- *major = MBEDTLS_SSL_MAJOR_VERSION_3;
- *minor = MBEDTLS_SSL_MINOR_VERSION_1;
- break;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
- case TLS_VER_1_1:
- *major = MBEDTLS_SSL_MAJOR_VERSION_3;
- *minor = MBEDTLS_SSL_MINOR_VERSION_2;
- break;
-#endif
-
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 case TLS_VER_1_2:
 *major = MBEDTLS_SSL_MAJOR_VERSION_3;
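Review bot: In tls_version_max() the surviving `#else /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */` annotation describes the opposite of the branch it labels, because the `#error` is reached only when the macro is not defined; `#else /* !defined(MBEDTLS_SSL_PROTO_TLS1_2) */` would read correctly. With a single branch left, a short comment above the `#if`, such as `/* TLS 1.0 and 1.1 are intentionally unsupported; TLS 1.2 is required at build time. */`, would record that the floor is deliberate and not an omission.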
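Review bot: In tls_version_to_major_minor() the switch no longer has any case for TLS_VER_1_0 or TLS_VER_1_1, whatever the mbedtls build options are, so a caller that still passes one of them (for instance from a configured minimum or maximum version) now lands in the switch's default branch, which lies outside this hunk. It is worth confirming that the default fails with a message naming the rejected version and does not return with `*major` and `*minor` unset, and that such settings are rejected or raised to 1.2 before they reach this function. The function comment should state the new contract, e.g. `Only TLS_VER_1_2 is mapped; any other value is treated as unsupported.`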