=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/ciphers.c,v retrieving revision 1.13 retrieving revision 1.14 diff -c -r1.13 -r1.14 *** src/usr.bin/openssl/ciphers.c 2022/07/14 08:37:17 1.13 --- src/usr.bin/openssl/ciphers.c 2022/07/19 16:07:35 1.14 *************** *** 1,4 **** ! /* $OpenBSD: ciphers.c,v 1.13 2022/07/14 08:37:17 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * --- 1,4 ---- ! /* $OpenBSD: ciphers.c,v 1.14 2022/07/19 16:07:35 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * *************** *** 28,33 **** --- 28,34 ---- int usage; int use_supported; int verbose; + int version; } ciphers_config; static const struct option ciphers_options[] = { *************** *** 49,57 **** }, { .name = "tls1", ! .type = OPTION_DISCARD, }, { .name = "v", .desc = "Provide cipher listing", .type = OPTION_VALUE, --- 50,82 ---- }, { .name = "tls1", ! .desc = "Use TLS protocol version 1", ! .type = OPTION_VALUE, ! .opt.value = &ciphers_config.version, ! .value = TLS1_VERSION, }, { + .name = "tls1_1", + .desc = "Use TLS protocol version 1.1", + .type = OPTION_VALUE, + .opt.value = &ciphers_config.version, + .value = TLS1_1_VERSION, + }, + { + .name = "tls1_2", + .desc = "Use TLS protocol version 1.2", + .type = OPTION_VALUE, + .opt.value = &ciphers_config.version, + .value = TLS1_2_VERSION, + }, + { + .name = "tls1_3", + .desc = "Use TLS protocol version 1.3", + .type = OPTION_VALUE, + .opt.value = &ciphers_config.version, + .value = TLS1_3_VERSION, + }, + { .name = "v", .desc = "Provide cipher listing", .type = OPTION_VALUE, *************** *** 71,77 **** static void ciphers_usage(void) { ! fprintf(stderr, "usage: ciphers [-hsVv] [cipherlist]\n"); options_usage(ciphers_options); } --- 96,103 ---- static void ciphers_usage(void) { ! fprintf(stderr, "usage: ciphers [-hsVv] [-tls1] [-tls1_1] [-tls1_2] " ! 
"[-tls1_3] [cipherlist]\n"); options_usage(ciphers_options); } *************** *** 108,115 **** return (1); } ! if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) goto err; if (cipherlist != NULL) { if (SSL_CTX_set_cipher_list(ssl_ctx, cipherlist) == 0) --- 134,150 ---- return (1); } ! if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) goto err; + + if (ciphers_config.version != 0) { + if (!SSL_CTX_set_min_proto_version(ssl_ctx, + ciphers_config.version)) + goto err; + if (!SSL_CTX_set_max_proto_version(ssl_ctx, + ciphers_config.version)) + goto err; + } if (cipherlist != NULL) { if (SSL_CTX_set_cipher_list(ssl_ctx, cipherlist) == 0)
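Review bot: The new synopsis in ciphers_usage() prints `[-tls1] [-tls1_1] [-tls1_2] [-tls1_3]` as four independent flags, but the options-table hunk above makes all four entries store into the same `ciphers_config.version`, so presumably only the last one given on the command line takes effect. Writing the group as alternatives, `[-tls1 | -tls1_1 | -tls1_2 | -tls1_3]`, would tell someone auditing a cipher string that combining the flags does not produce a version range. The `.desc` strings ("Use TLS protocol version 1.2") could also say what the flag does to the listing, for example `"List ciphers usable with TLS protocol version 1.2"`. Whether the selection affects the output without `-s` is not visible in these hunks and should be confirmed before rewording.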
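Review bot: The added `if (ciphers_config.version != 0)` block pins both the minimum and the maximum protocol version to the same value without a comment saying why, and the change from `TLS_client_method()` to `TLS_method()` on the line above it is likewise unexplained. A one-line comment above the block, such as `/* Restrict the context to exactly the requested protocol version. */`, would make the intent clear to the next reader. Both setter failures jump to `err`, which lies outside the hunk, so it cannot be checked from here whether the user is told which version was rejected. The enclosing function starts and ends outside the hunk.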