From: Kurt Roeckx Date: Sat, 2 Jan 2016 19:06:07 +0000 (+0100) Subject: Allow disabling the min and max version X-Git-Tag: OpenSSL_1_1_0-pre2~85 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=869e978c9856c3a1faf0c289bfef3048b2af867c;p=thirdparty%2Fopenssl.git Allow disabling the min and max version Reviewed-by: Viktor Dukhovni --- diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index 2f708458e9c..9feaa281033 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -113,7 +113,8 @@ operations are permitted. Sets the minimum and maximum supported protocol. Currently supported protocol values are B, B, -B, B for TLS and B, B for DTLS. +B, B for TLS and B, B for DTLS, +and B for no limit. If the either bound is not specified then only the other bound applies, if specified. To restrict the supported protocol versions use these commands rather @@ -275,6 +276,7 @@ This sets the minimum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B and B. +The value B will disable the limit. =item B @@ -282,6 +284,7 @@ This sets the maximum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B and B. +The value B will disable the limit. =item B diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 9529d30842c..2c40df15934 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -332,6 +332,7 @@ static int protocol_from_string(const char *value) int version; }; static const struct protocol_versions versions[] = { + {"None", 0}, {"SSLv3", SSL3_VERSION}, {"TLSv1", TLS1_VERSION}, {"TLSv1.1", TLS1_1_VERSION}, diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index bf59eb39257..7142128fd72 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c 
@@ -834,6 +834,11 @@ int ssl_check_version_downgrade(SSL *s) */ int ssl_set_version_bound(int method_version, int version, int *bound) { + if (version == 0) { + *bound = version; + return 1; + } + /*- * Restrict TLS methods to TLS protocol versions. * Restrict DTLS methods to DTLS protocol versions.
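Review bot: the first SSL_CONF_cmd.pod hunk keeps the pre-existing typo "If the either bound is not specified" on the unchanged context line right below the edited sentence; since the surrounding paragraph is being touched anyway, it would be worth changing it to "If either bound is not specified". The new "for no limit" wording should also make clear that it means "no limit in that direction", i.e. that the other bound, if set, still applies, which is what the following sentence already says for the unspecified case.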
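Review bot: the ssl_conf.c hunk maps the new "None" entry to the value 0 in the versions[] table; please confirm that protocol_from_string() does not also use 0 to signal an unrecognized protocol name, otherwise a bad name and an explicit "None" become indistinguishable to the caller and an invalid MinProtocol/MaxProtocol value would silently clear the bound instead of being rejected. A one-line comment on the new entry (e.g. "0 means no bound") would also help the next reader, since 0 is otherwise not a protocol version constant.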
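Review bot: in the statem_lib.c hunk the early `if (version == 0)` return in ssl_set_version_bound() intentionally bypasses the TLS/DTLS method restriction checks described in the comment immediately after it, but nothing in the code says so; add a short comment inside the new block stating that 0 clears the bound and needs no validation against method_version, and consider writing `*bound = 0;` rather than `*bound = version;` so the intent is obvious without reading the condition. The function's header comment (the `*/` just above) should also be updated to document 0 as the "no limit" value so the C API and the "None" SSL_CONF keyword are described consistently.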