Commit 6821363f28 for openssl.org
commit 6821363f28148b8ff6fedde0fcac6271f17e8e6e
Author: Andrew Dinh <andrewd@openssl.org>
Date: Wed Dec 17 00:44:18 2025 +0400
Add no-ssl3 back as a no-op
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Saša NedvÄ›dický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
diff --git a/apps/include/opt.h b/apps/include/opt.h
index a9b50c3f00..a2facb0252 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -157,7 +157,7 @@
*/
#define OPT_S_ENUM \
OPT_S__FIRST = 3000, \
- OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
+ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \
OPT_S_LEGACYCONN, \
@@ -176,6 +176,7 @@
#define OPT_S_OPTIONS \
OPT_SECTION("TLS/SSL"), \
+ { "no_ssl3", OPT_S_NOSSL3, '-', "Just disable SSLv3" }, \
{ "no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1" }, \
{ "no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
{ "no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2" }, \
@@ -238,6 +239,7 @@
OPT_S__FIRST: \
case OPT_S__LAST: \
break; \
+ case OPT_S_NOSSL3: \
case OPT_S_NOTLS1: \
case OPT_S_NOTLS1_1: \
case OPT_S_NOTLS1_2: \
@@ -274,8 +276,8 @@
case OPT_S_NO_ETM: \
case OPT_S_NO_EMS
-#define IS_NO_PROT_FLAG(o) \
- (o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
+#define IS_NO_PROT_FLAG(o) \
+ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
|| o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
/*
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index ff66bcb260..00ef668d6f 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -597,7 +597,7 @@ OpenSSL was built.
=over 4
-=item B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
+=item B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
These options require or disable the use of the specified SSL or TLS protocols.
When a specific TLS version is required, only that version will be offered or
diff --git a/doc/perlvars.pm b/doc/perlvars.pm
index 82d37a6074..5bc8ac61c5 100644
--- a/doc/perlvars.pm
+++ b/doc/perlvars.pm
@@ -131,6 +131,7 @@ $OpenSSL::safe::opt_trust_item = ""
# TLS Version Options
$OpenSSL::safe::opt_versiontls_synopsis = ""
+. "[B<-no_ssl3>]\n"
. "[B<-no_tls1>]\n"
. "[B<-no_tls1_1>]\n"
. "[B<-no_tls1_2>]\n"
@@ -140,7 +141,7 @@ $OpenSSL::safe::opt_versiontls_synopsis = ""
. "[B<-tls1_2>]\n"
. "[B<-tls1_3>]";
$OpenSSL::safe::opt_versiontls_item = ""
-. "=item B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>,\n"
+. "=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>,\n"
. "B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>\n"
. "\n"
. "See L<openssl(1)/TLS Version Options>.";