Commit 8d623d4979 for openssl.org
commit 8d623d4979f0e218242bdca5aeca01fd1abd6bf8
Author: Andrew Dinh <andrewd@openssl.org>
Date: Thu Sep 11 17:39:39 2025 +1000
Update documentation using enable-ssl3 Configure flags
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
diff --git a/INSTALL.md b/INSTALL.md
index 0c6b895cc8..9884caabe9 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -1161,8 +1161,8 @@ Don't build support for negotiating the specified SSL/TLS protocol.
If `no-tls` is selected then all of `tls1`, `tls1_1`, `tls1_2` and `tls1_3`
are disabled.
-Similarly `no-dtls` will disable `dtls1` and `dtls1_2`. The `no-ssl` option is
-synonymous with `no-ssl3`. Note this only affects version negotiation.
+Similarly `no-dtls` will disable `dtls1` and `dtls1_2`.
+`no-ssl` and `no-ssl3` are deprecated and do nothing.
OpenSSL will still provide the methods for applications to explicitly select
the individual protocol versions.
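Review bot: removing "Note this only affects version negotiation." from the `no-dtls` paragraph also drops that qualifier for the `no-tls*` and `no-dtls*` options that still have an effect, and the unchanged sentence "OpenSSL will still provide the methods ..." now reads as a continuation of "are deprecated and do nothing". Suggest keeping the note directly after the `no-dtls` sentence and moving the deprecation line to follow "the individual protocol versions."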
@@ -1178,6 +1178,7 @@ Analogous to `no-{protocol}` but in addition do not build the methods for
applications to explicitly select individual protocol versions. Note that there
is no `no-tls1_3-method` option because there is no application method for
TLSv1.3.
+`no-ssl3` is deprecated and does nothing.
Using individual protocol methods directly is deprecated. Applications should
use `TLS_method()` instead.
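Review bot: the added line names `no-ssl3`, but this paragraph documents the `no-{protocol}-method` options (it discusses `no-tls1_3-method`), and `no-ssl3` is already marked deprecated in the previous hunk. If the intent is to cover the method variant, the line should read "`no-ssl3-method` is deprecated and does nothing."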
diff --git a/NOTES-NONSTOP.md b/NOTES-NONSTOP.md
index a2d485132d..bddae7675d 100644
--- a/NOTES-NONSTOP.md
+++ b/NOTES-NONSTOP.md
@@ -187,7 +187,7 @@ the following variables. The following set of compiler defines are required:
### Optional Build Variables
DBGFLAG="--debug"
- CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4"
+ CIPHENABLES="enable-weak-ssl-ciphers enable-rc4"
### Internal Known TNS/X to TNS/E Cross Compile Variables
diff --git a/fuzz/README.md b/fuzz/README.md
index 795606fec2..118ad684e9 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -29,7 +29,7 @@ to the `libFuzzer` library file while configuring; this is represented as
-fsanitize=fuzzer-no-link \
enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \
enable-weak-ssl-ciphers enable-rc5 enable-md2 \
- enable-ssl3 enable-ssl3-method enable-nextprotoneg \
+ enable-nextprotoneg \
--debug
Clang uses the gcc libstdc++ library so this must also be installed. You can
@@ -95,8 +95,7 @@ prebuilt fuzzer library. This is represented as `$PATH_TO_LIBFUZZER_DIR` below.
-fsanitize=fuzzer-no-link \
enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \
enable-weak-ssl-ciphers enable-rc5 enable-md2 \
- enable-ssl3 enable-ssl3-method enable-nextprotoneg \
- --debug
+ enable-nextprotoneg --debug
AFL
---
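Review bot: the reflow at the end of this command puts `--debug` on the same line as `enable-nextprotoneg`, while the otherwise identical libFuzzer command in the previous hunk keeps `--debug` on its own line. Suggest leaving `--debug` on its own line here as well, so the two commands stay textually identical and the change is limited to dropping `enable-ssl3 enable-ssl3-method`.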
@@ -108,9 +107,8 @@ Configure for fuzzing:
sudo apt-get install afl-clang
CC=afl-clang-fast ./config enable-fuzz-afl no-shared no-module \
-DPEDANTIC enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 \
- enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg \
- enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \
- --debug
+ enable-md2 enable-nextprotoneg enable-ec_nistp_64_gcc_128 \
+ -fno-sanitize=alignment --debug
make clean
make
diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 85b44dcd40..2b1c327e89 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -272,8 +272,8 @@ In the above examples, `default` is the provider to use.
Note that the test expectations sometimes depend on the Configure settings. For
example, the negotiated protocol depends on the set of available (enabled)
-protocols: a build with `enable-ssl3` has different test expectations than a
-build with `no-ssl3`.
+protocols: a build with `enable-tls1_3` has different test expectations than a
+build with `no-tls1_3`.
The Perl test harness automatically generates expected outputs, so users who
just run `make test` do not need any extra steps.