Update documentation using enable-ssl3 Configure flags

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)

diff --git a/INSTALL.md b/INSTALL.md
index 0c6b895cc8a7f33b2aad4a98fa9c98a3ab305964..9884caabe9553f44a15169a11199ad058e3a1366 100644 (file)
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -1161,8 +1161,8 @@ Don't build support for negotiating the specified SSL/TLS protocol.
 
 If `no-tls` is selected then all of `tls1`, `tls1_1`, `tls1_2` and `tls1_3`
 are disabled.
-Similarly `no-dtls` will disable `dtls1` and `dtls1_2`.  The `no-ssl` option is
-synonymous with `no-ssl3`.  Note this only affects version negotiation.
+Similarly `no-dtls` will disable `dtls1` and `dtls1_2`.
+`no-ssl` and `no-ssl3` are deprecated and do nothing.
 OpenSSL will still provide the methods for applications to explicitly select
 the individual protocol versions.
 
@@ -1178,6 +1178,7 @@ Analogous to `no-{protocol}` but in addition do not build the methods for
 applications to explicitly select individual protocol versions.  Note that there
 is no `no-tls1_3-method` option because there is no application method for
 TLSv1.3.
+`no-ssl3` is deprecated and does nothing.
 
 Using individual protocol methods directly is deprecated.  Applications should
 use `TLS_method()` instead.

diff --git a/NOTES-NONSTOP.md b/NOTES-NONSTOP.md
index a2d485132da6840fd48d5592497436ca5216c8b5..bddae7675d1279c0161c5ff76a1ae38e828a8643 100644 (file)
--- a/NOTES-NONSTOP.md
+++ b/NOTES-NONSTOP.md
@@ -187,7 +187,7 @@ the following variables. The following set of compiler defines are required:
 ### Optional Build Variables
 
     DBGFLAG="--debug"
-    CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4"
+    CIPHENABLES="enable-weak-ssl-ciphers enable-rc4"
 
 ### Internal Known TNS/X to TNS/E Cross Compile Variables
 

diff --git a/fuzz/README.md b/fuzz/README.md
index 795606fec2c439ac09504d37e4adbb1d2cc0f800..118ad684e973b3b094245d50af361a3683fe46e7 100644 (file)
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -29,7 +29,7 @@ to the `libFuzzer` library file while configuring; this is represented as
             -fsanitize=fuzzer-no-link \
             enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \
             enable-weak-ssl-ciphers enable-rc5 enable-md2 \
-            enable-ssl3 enable-ssl3-method enable-nextprotoneg \
+            enable-nextprotoneg \
             --debug
 
 Clang uses the gcc libstdc++ library so this must also be installed. You can
@@ -95,8 +95,7 @@ prebuilt fuzzer library. This is represented as `$PATH_TO_LIBFUZZER_DIR` below.
             -fsanitize=fuzzer-no-link \
             enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \
             enable-weak-ssl-ciphers enable-rc5 enable-md2 \
-            enable-ssl3 enable-ssl3-method enable-nextprotoneg \
-            --debug
+            enable-nextprotoneg --debug
 
 AFL
 ---
@@ -108,9 +107,8 @@ Configure for fuzzing:
     sudo apt-get install afl-clang
     CC=afl-clang-fast ./config enable-fuzz-afl no-shared no-module \
         -DPEDANTIC enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 \
-        enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg \
-        enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \
-        --debug
+        enable-md2 enable-nextprotoneg enable-ec_nistp_64_gcc_128 \
+        -fno-sanitize=alignment --debug
     make clean
     make
 

diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 85b44dcd4024b9897eba1bd6c4b0212ea6a71200..2b1c327e89bf2970e847f257bdbe5cee0aabd818 100644 (file)
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -272,8 +272,8 @@ In the above examples, `default` is the provider to use.
 
 Note that the test expectations sometimes depend on the Configure settings. For
 example, the negotiated protocol depends on the set of available (enabled)
-protocols: a build with `enable-ssl3` has different test expectations than a
-build with `no-ssl3`.
+protocols: a build with `enable-tls1_3` has different test expectations than a
+build with `no-tls1_3`.
 
 The Perl test harness automatically generates expected outputs, so users who
 just run `make test` do not need any extra steps.