From: Emmanuel Hocdet <manu@gandi.net>
Date: Fri, 24 Mar 2017 14:20:03 +0000 (+0100)
Subject: MINOR: ssl: show methods supported by openssl
X-Git-Tag: v1.8-dev2~41
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=50e25e1dbce265f4a40cb4495ec3a4fe7c3af023;p=thirdparty%2Fhaproxy.git

MINOR: ssl: show methods supported by openssl

TLS v1.3 incoming, SSLv3 will disappears: it could be useful to list
all methods supported by haproxy/openssl (with -vvv).
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 63c0f7928b..5014e70b19 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7538,7 +7538,7 @@ static void __ssl_sock_init(void)
 	ptr = NULL;
 	memprintf(&ptr, "Built with OpenSSL version : "
 #ifdef OPENSSL_IS_BORINGSSL
-		"BoringSSL\n");
+		"BoringSSL");
 #else /* OPENSSL_IS_BORINGSSL */
 	        OPENSSL_VERSION_TEXT
 		"\nRunning on OpenSSL version : %s%s",
@@ -7564,6 +7564,24 @@ static void __ssl_sock_init(void)
 #else
 		"no (version might be too old, 0.9.8f min needed)"
 #endif
+#endif
+	       "", ptr);
+
+	memprintf(&ptr, "%s\nOpenSSL library supports : "
+#if SSL_OP_NO_SSLv3
+		  "SSLv3 "
+#endif
+#if SSL_OP_NO_TLSv1
+		  "TLSv1.0 "
+#endif
+#if SSL_OP_NO_TLSv1_1
+		  "TLSv1.1 "
+#endif
+#if SSL_OP_NO_TLSv1_2
+		  "TLSv1.2 "
+#endif
+#if SSL_OP_NO_TLSv1_3
+		  "TLSv1.3"
 #endif
 	       "", ptr);