From: Andrew Dinh Date: Thu, 11 Sep 2025 07:39:39 +0000 (+1000) Subject: Update documentation using enable-ssl3 Configure flags X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d623d4979f0e218242bdca5aeca01fd1abd6bf8;p=thirdparty%2Fopenssl.git Update documentation using enable-ssl3 Configure flags Reviewed-by: Neil Horman Reviewed-by: Saša Nedvědický Reviewed-by: Tomas Mraz Reviewed-by: Saša Nedvědický Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/29338) --- diff --git a/INSTALL.md b/INSTALL.md index 0c6b895cc8..9884caabe9 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1161,8 +1161,8 @@ Don't build support for negotiating the specified SSL/TLS protocol. If `no-tls` is selected then all of `tls1`, `tls1_1`, `tls1_2` and `tls1_3` are disabled. -Similarly `no-dtls` will disable `dtls1` and `dtls1_2`. The `no-ssl` option is -synonymous with `no-ssl3`. Note this only affects version negotiation. +Similarly `no-dtls` will disable `dtls1` and `dtls1_2`. +`no-ssl` and `no-ssl3` are deprecated and do nothing. OpenSSL will still provide the methods for applications to explicitly select the individual protocol versions. @@ -1178,6 +1178,7 @@ Analogous to `no-{protocol}` but in addition do not build the methods for applications to explicitly select individual protocol versions. Note that there is no `no-tls1_3-method` option because there is no application method for TLSv1.3. +`no-ssl3` is deprecated and does nothing. Using individual protocol methods directly is deprecated. Applications should use `TLS_method()` instead. diff --git a/NOTES-NONSTOP.md b/NOTES-NONSTOP.md index a2d485132d..bddae7675d 100644 --- a/NOTES-NONSTOP.md +++ b/NOTES-NONSTOP.md @@ -187,7 +187,7 @@ the following variables. The following set of compiler defines are required: ### Optional Build Variables DBGFLAG="--debug" - CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4" + CIPHENABLES="enable-weak-ssl-ciphers enable-rc4" ### Internal Known TNS/X to TNS/E Cross Compile Variables diff --git a/fuzz/README.md b/fuzz/README.md index 795606fec2..118ad684e9 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -29,7 +29,7 @@ to the `libFuzzer` library file while configuring; this is represented as -fsanitize=fuzzer-no-link \ enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \ enable-weak-ssl-ciphers enable-rc5 enable-md2 \ - enable-ssl3 enable-ssl3-method enable-nextprotoneg \ + enable-nextprotoneg \ --debug Clang uses the gcc libstdc++ library so this must also be installed. You can @@ -95,8 +95,7 @@ prebuilt fuzzer library. This is represented as `$PATH_TO_LIBFUZZER_DIR` below. -fsanitize=fuzzer-no-link \ enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \ enable-weak-ssl-ciphers enable-rc5 enable-md2 \ - enable-ssl3 enable-ssl3-method enable-nextprotoneg \ - --debug + enable-nextprotoneg --debug AFL --- @@ -108,9 +107,8 @@ Configure for fuzzing: sudo apt-get install afl-clang CC=afl-clang-fast ./config enable-fuzz-afl no-shared no-module \ -DPEDANTIC enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 \ - enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg \ - enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \ - --debug + enable-md2 enable-nextprotoneg enable-ec_nistp_64_gcc_128 \ + -fno-sanitize=alignment --debug make clean make diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 85b44dcd40..2b1c327e89 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -272,8 +272,8 @@ In the above examples, `default` is the provider to use. Note that the test expectations sometimes depend on the Configure settings. For example, the negotiated protocol depends on the set of available (enabled) -protocols: a build with `enable-ssl3` has different test expectations than a -build with `no-ssl3`. +protocols: a build with `enable-tls1_3` has different test expectations than a +build with `no-tls1_3`. The Perl test harness automatically generates expected outputs, so users who just run `make test` do not need any extra steps.