mbedtls: Remove support for old TLS versions

Recent versions of mbedtls have dropped support for TLS 1.0 and 1.1. Rather than checking which versions are supported, drop support for everything before 1.2. Change-Id: Ia3883a26ac26df6bbb5353fb074a2e0f814737be Signed-off-by: Max Fillinger <[email protected]> Acked-by: Arne Schwabe <[email protected]> Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg28773.html Signed-off-by: Gert Doering <[email protected]>
cron2 · Jun 18, 2024 · 013c119 · 013c119
1 parent 13ee7f9
commit 013c119
Showing 1 changed file with 1 addition and 19 deletions.
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
@@ -1040,12 +1040,8 @@ tls_version_max(void)
 {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
     return TLS_VER_1_2;
-#elif defined(MBEDTLS_SSL_PROTO_TLS1_1)
-    return TLS_VER_1_1;
-#elif defined(MBEDTLS_SSL_PROTO_TLS1)
-    return TLS_VER_1_0;
 #else /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */
-    #error "mbedtls is compiled without support for TLS 1.0, 1.1 and 1.2."
+    #error "mbedtls is compiled without support for TLS 1.2."
 #endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */
 }
 
@@ -1067,20 +1063,6 @@ tls_version_to_major_minor(int tls_ver, int *major, int *minor)
 
     switch (tls_ver)
     {
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
-        case TLS_VER_1_0:
-            *major = MBEDTLS_SSL_MAJOR_VERSION_3;
-            *minor = MBEDTLS_SSL_MINOR_VERSION_1;
-            break;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
-        case TLS_VER_1_1:
-            *major = MBEDTLS_SSL_MAJOR_VERSION_3;
-            *minor = MBEDTLS_SSL_MINOR_VERSION_2;
-            break;
-#endif
-
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         case TLS_VER_1_2:
             *major = MBEDTLS_SSL_MAJOR_VERSION_3;