author | Bob Beck <beck@cvs.openbsd.org> | 2023-06-06 15:16:53 +0000
---|---|---
committer | Bob Beck <beck@cvs.openbsd.org> | 2023-06-06 15:16:53 +0000
commit | 2a98c24d5ca3fe56900d9c54df9372842928b561 |
tree | ec0e8947ecce5e7a39d97df347db9aa8e15da7ad |
parent | b0e9d7b34199b90d78a7937b97165befc59177b0 |
Make the tlsv1.0 and tlsv1.1 options in relayd do nothing
Also document that fact, and that the existing ssl3 option
does nothing. This changes relayd to no longer request tls1.0
or tls1.1 in preparation for the upcoming deprecation of these
out of date protocols.
ok jsing@ bluhm@ tb@ claudio@ benno@
-rw-r--r-- | usr.sbin/relayd/relay.c | 6
-rw-r--r-- | usr.sbin/relayd/relayd.conf.5 | 20
2 files changed, 7 insertions, 19 deletions
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c index 7491570445d..3341baad659 100644 --- a/usr.sbin/relayd/relay.c +++ b/usr.sbin/relayd/relay.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relay.c,v 1.255 2022/12/28 21:30:18 jmc Exp $ */ +/* $OpenBSD: relay.c,v 1.256 2023/06/06 15:16:52 beck Exp $ */ /* * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org> @@ -2065,10 +2065,6 @@ relay_tls_ctx_create_proto(struct protocol *proto, struct tls_config *tls_cfg) uint32_t protocols = 0; /* Set the allowed SSL protocols */ - if (proto->tlsflags & TLSFLAG_TLSV1_0) - protocols |= TLS_PROTOCOL_TLSv1_0; - if (proto->tlsflags & TLSFLAG_TLSV1_1) - protocols |= TLS_PROTOCOL_TLSv1_1; if (proto->tlsflags & TLSFLAG_TLSV1_2) protocols |= TLS_PROTOCOL_TLSv1_2; if (proto->tlsflags & TLSFLAG_TLSV1_3) diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5 index 90ee6995fd5..679da2e1322 100644 --- a/usr.sbin/relayd/relayd.conf.5 +++ b/usr.sbin/relayd/relayd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: relayd.conf.5,v 1.205 2022/03/31 17:27:31 naddy Exp $ +.\" $OpenBSD: relayd.conf.5,v 1.206 2023/06/06 15:16:52 beck Exp $ .\" .\" Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org> .\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: June 6 2023 $ .Dt RELAYD.CONF 5 .Os .Sh NAME 
@@ -1021,27 +1021,19 @@ The default is to enable TLSv1.3. Disable the TLSv1.2 protocol. The default is to enable TLSv1.2. .It Ic sslv3 -Enable the SSLv3 protocol. -The default is -.Ic no sslv3 . +Is deprecated and does nothing. .It Ic tlsv1 Enable all TLSv1 protocols. -This is an alias that includes -.Ic tlsv1.0 , -.Ic tlsv1.1 , +This is an alias that currently includes .Ic tlsv1.2 , and .Ic tlsv1.3 . The default is .Ic no tlsv1 . .It Ic tlsv1.0 -Enable the TLSv1.0 protocol. -The default is -.Ic no tlsv1.0 . +Is deprecated and does nothing. .It Ic tlsv1.1 -Enable the TLSv1.1 protocol. -The default is -.Ic no tlsv1.1 . +Is deprecated and does nothing. .El .It Ic http Ar option Set the HTTP options and session settings. |
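Review bot: In the relay.c hunk at relay_tls_ctx_create_proto(), TLSFLAG_TLSV1_0 and TLSFLAG_TLSV1_1 are now ignored with no diagnostic, so an operator whose configuration still sets tlsv1.0 or tlsv1.1 learns about the change only from the manual page. Consider logging a warning when either flag is set in proto->tlsflags, so that the no-op is visible at startup. It is also worth confirming what the code after this hunk does when a protocol block enabled only those two versions and `protocols` stays 0; that path is not visible in the hunk. The comment "Set the allowed SSL protocols" could say TLS now that only TLSv1.2 and TLSv1.3 are mapped.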
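Review bot: In the relayd.conf.5 hunk, the tlsv1 entry still opens with "Enable all TLSv1 protocols" although the alias now covers only tlsv1.2 and tlsv1.3, and it still ends with "The default is no tlsv1" while the context lines above state that TLSv1.2 and TLSv1.3 are enabled by default. Those two statements now read as contradictory and the entry should be reworded to say what the alias enables today and how its default relates to the per-version defaults. The new text "Is deprecated and does nothing." for sslv3, tlsv1.0 and tlsv1.1 is a fragment with no subject; "This option is deprecated and does nothing." would read better, and a pointer to tlsv1.2 and tlsv1.3 as the supported settings would help readers who are migrating a configuration.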