From: Colin Pinnell McAllister <colinmca242@gmail.com>
Date: Fri, 13 Feb 2026 23:01:28 +0000 (-0600)
Subject: openssl: Disable TLS 1.0/1.1 by default
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5501e77208825b6ebffe51e8d680cdd84cfd0ab;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

openssl: Disable TLS 1.0/1.1 by default

TLS 1.0 and TLS 1.1 have been deprecated by the IETF since 2021.
Disables support by default in packageconfig, requiring users to
explicitly opt-in for these deprecated protocols.

Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
index c0d02b617b..6b9ccef0b5 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
@@ -29,8 +29,8 @@ PACKAGECONFIG:class-native = ""
 PACKAGECONFIG:class-nativesdk = ""
 
 PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
-PACKAGECONFIG[no-tls1] = "no-tls1"
-PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
+PACKAGECONFIG[tls1] = ",no-tls1"
+PACKAGECONFIG[tls1_1] = ",no-tls1_1"
 PACKAGECONFIG[manpages] = ""
 PACKAGECONFIG[fips] = "enable-fips"