Add no-ssl3 back as a no-op

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)

diff --git a/apps/include/opt.h b/apps/include/opt.h
index a9b50c3f008892ddb06a0af742a8f10050c26c84..a2facb02521bb3a7f1f2b5eef10c4d693a09a662 100644 (file)
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -157,7 +157,7 @@
  */
 #define OPT_S_ENUM                                                    \
     OPT_S__FIRST = 3000,                                              \
-    OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2,                     \
+    OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2,       \
     OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET,        \
     OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG,           \
     OPT_S_LEGACYCONN,                                                 \
@@ -176,6 +176,7 @@
 
 #define OPT_S_OPTIONS                                                                                           \
     OPT_SECTION("TLS/SSL"),                                                                                     \
+        { "no_ssl3", OPT_S_NOSSL3, '-', "Just disable SSLv3" },                                                 \
         { "no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1" },                                                 \
         { "no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" },                                           \
         { "no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2" },                                           \
@@ -238,6 +239,7 @@
     OPT_S__FIRST:                 \
     case OPT_S__LAST:             \
     break;                        \
+    case OPT_S_NOSSL3:            \
     case OPT_S_NOTLS1:            \
     case OPT_S_NOTLS1_1:          \
     case OPT_S_NOTLS1_2:          \
@@ -274,8 +276,8 @@
     case OPT_S_NO_ETM:            \
     case OPT_S_NO_EMS
 
-#define IS_NO_PROT_FLAG(o)                    \
-    (o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
+#define IS_NO_PROT_FLAG(o)                                         \
+    (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
         || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
 
 /*

diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index ff66bcb2605867c53e9a0c5b1e6ae1cdb245df12..00ef668d6f49a9bdf550f0357271297cb348955e 100644 (file)
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -597,7 +597,7 @@ OpenSSL was built.
 
 =over 4
 
-=item B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
+=item B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
 
 These options require or disable the use of the specified SSL or TLS protocols.
 When a specific TLS version is required, only that version will be offered or

diff --git a/doc/perlvars.pm b/doc/perlvars.pm
index 82d37a60742433d874e62f15e4d99f6c68683284..5bc8ac61c5c429fef5d492f155f473d773418289 100644 (file)
--- a/doc/perlvars.pm
+++ b/doc/perlvars.pm
@@ -131,6 +131,7 @@ $OpenSSL::safe::opt_trust_item = ""
 
 # TLS Version Options
 $OpenSSL::safe::opt_versiontls_synopsis = ""
+. "[B<-no_ssl3>]\n"
 . "[B<-no_tls1>]\n"
 . "[B<-no_tls1_1>]\n"
 . "[B<-no_tls1_2>]\n"
@@ -140,7 +141,7 @@ $OpenSSL::safe::opt_versiontls_synopsis = ""
 . "[B<-tls1_2>]\n"
 . "[B<-tls1_3>]";
 $OpenSSL::safe::opt_versiontls_item = ""
-. "=item B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>,\n"
+. "=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>,\n"
 . "B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>\n"
 . "\n"
 . "See L<openssl(1)/TLS Version Options>.";