Support disabling any or all TLS or DTLS versions

Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just
TLS 1.2.  In the future they might want to disable TLS 1.2 and
enable just TLS 1.3, ...

This commit makes it possible to disable any or all of the TLS or
DTLS protocols.  It also considerably simplifies the SSL/TLS tests,
by auto-generating the min/max version tests based on the set of
supported protocols (425 explicitly written out tests got replaced
by two loops that generate all 425 tests if all protocols are
enabled, fewer otherwise).

Reviewed-by: Richard Levitte <levitte@openssl.org>

1 files changed, 22 insertions, 0 deletions

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 7142128fd7..984df19b58 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -727,11 +727,25 @@ typedef struct {
 #endif
 
 static const version_info tls_version_table[] = {
+#ifndef OPENSSL_NO_TLS1_2
     { TLS1_2_VERSION, TLSv1_2_client_method, TLSv1_2_server_method },
+#else
+    { TLS1_2_VERSION, NULL, NULL },
+#endif
+#ifndef OPENSSL_NO_TLS1_1
     { TLS1_1_VERSION, TLSv1_1_client_method, TLSv1_1_server_method },
+#else
+    { TLS1_1_VERSION, NULL, NULL },
+#endif
+#ifndef OPENSSL_NO_TLS1
     { TLS1_VERSION, TLSv1_client_method, TLSv1_server_method },
+#else
+    { TLS1_VERSION, NULL, NULL },
+#endif
 #ifndef OPENSSL_NO_SSL3
     { SSL3_VERSION, SSLv3_client_method, SSLv3_server_method },
+#else
+    { SSL3_VERSION, NULL, NULL },
 #endif
     { 0, NULL, NULL },
 };
@@ -741,8 +755,16 @@ static const version_info tls_version_table[] = {
 #endif
 
 static const version_info dtls_version_table[] = {
+#ifndef OPENSSL_NO_DTLS1_2
     { DTLS1_2_VERSION, DTLSv1_2_client_method, DTLSv1_2_server_method },
+#else
+    { DTLS1_2_VERSION, NULL, NULL },
+#endif
+#ifndef OPENSSL_NO_DTLS1
     { DTLS1_VERSION, DTLSv1_client_method, DTLSv1_server_method },
+#else
+    { DTLS1_VERSION, NULL, NULL },
+#endif
     { 0, NULL, NULL },
 };