Don't disable TLS v1.2 by default any more.

diff --git a/apps/s_client.c b/apps/s_client.c
index daf22ba51cc532c311bce99f21c16ec4ddb63ac7..cde4828796f8c8a669c85da52b8ead76b99ce0a9 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1044,9 +1044,6 @@ bad:
                SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
                }
 #endif
-       /* HACK while TLS v1.2 is disabled by default */
-       if (!(off & SSL_OP_NO_TLSv1_2))
-               SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
        if (bugs)
                SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
        else

diff --git a/apps/s_server.c b/apps/s_server.c
index 71c92e6ca41d2386385bd7f019444554fcccd6e3..0137b31cd11daba9a17c897cccf610041e96f532 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1463,9 +1463,6 @@ bad:
        SSL_CTX_set_quiet_shutdown(ctx,1);
        if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
        if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
-       /* HACK while TLS v1.2 is disabled by default */
-       if (!(off & SSL_OP_NO_TLSv1_2))
-               SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
        SSL_CTX_set_options(ctx,off);
        /* DTLS: partial reads end up discarding unread UDP bytes :-( 
         * Setting read ahead solves this problem.

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ee84bb78d87e155cb1c12a1456c1c346bc53b796..0a6cf3ad3020e98f438d767c0898288ba2aa9057 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1717,8 +1717,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
         * deployed might change this.
         */
        ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-       /* Disable TLS v1.2 by default for now */
-       ret->options |= SSL_OP_NO_TLSv1_2;
 
        return(ret);
 err: