Backport TLS v1.1 support from HEAD

2010-06-27 14:15:02 +00:00 · 2010-06-27 14:15:02 +00:00 · 1eb1cf452b
commit 1eb1cf452b
parent c549810def
3 changed files with 17 additions and 2 deletions
--- a/10
+++ b/10
@ -4,7 +4,15 @@
 Changes between 1.0.0a and 1.0.1  [xx XXX xxxx]
-  *)
+  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
     a few changes are required:
       Add SSL_OP_NO_TLSv1_1 flag.
       Add TLSv1_1 methods.
       Update version checking logic to handle version 1.1.
       Add explicit IV handling (ported from DTLS code).
       Add command line options to s_client/s_server.
     [Steve Henson]
 Changes between 1.0.0a and 1.0.0b  [xx XXX xxxx]
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -318,10 +318,11 @@ static void sc_usage(void)
 #endif
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
 	BIO_printf(bio_err," -tls1_1       - just use TLSv1.1\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    
 	BIO_printf(bio_err," -mtu          - set the link layer MTU\n");
-	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
+	BIO_printf(bio_err," -no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
@ -597,6 +598,8 @@ int MAIN(int argc, char **argv)
 			meth=SSLv3_client_method();
 #endif
 #ifndef OPENSSL_NO_TLS1
 		else if	(strcmp(*argv,"-tls1_1") == 0)
 			meth=TLSv1_1_client_method();
 		else if	(strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
@ -645,6 +648,8 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			CAfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-no_tls1_1") == 0)
 			off|=SSL_OP_NO_TLSv1_1;
 		else if (strcmp(*argv,"-no_tls1") == 0)
 			off|=SSL_OP_NO_TLSv1;
 		else if (strcmp(*argv,"-no_ssl3") == 0)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -458,6 +458,7 @@ static void sv_usage(void)
 #endif
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
 	BIO_printf(bio_err," -tls1_1       - Just talk TLSv1_1\n");
 	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
 	BIO_printf(bio_err," -dtls1        - Just talk DTLSv1\n");
 	BIO_printf(bio_err," -timeout      - Enable timeouts\n");
@ -466,6 +467,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
 	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
 	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
 	BIO_printf(bio_err," -no_tls1_1    - Just disable TLSv1.1\n");
 #ifndef OPENSSL_NO_DH
 	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
 #endif