From: Renaud Allard <renaud@allard.it>
Subject: openssl command with tls<1.2
To: tech@openbsd.org
Date: Wed, 11 Dec 2024 13:04:10 +0100

Hello,

Since openssl command doesn't return any cipher anymore for tls 1.0 and 
tls 1.1. Shoudln't they be removed in the cipher options for openssl 
command?

Index: ciphers.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/ciphers.c,v
diff -u -p -r1.18 ciphers.c
--- ciphers.c   6 Mar 2023 14:32:05 -0000       1.18
+++ ciphers.c   11 Dec 2024 12:01:57 -0000
@@ -49,20 +49,6 @@ static const struct option ciphers_optio
                 .opt.flag = &cfg.use_supported,
         },
         {
-               .name = "tls1",
-               .desc = "Use TLS protocol version 1",
-               .type = OPTION_VALUE,
-               .opt.value = &cfg.version,
-               .value = TLS1_VERSION,
-       },
-       {
-               .name = "tls1_1",
-               .desc = "Use TLS protocol version 1.1",
-               .type = OPTION_VALUE,
-               .opt.value = &cfg.version,
-               .value = TLS1_1_VERSION,
-       },
-       {
                 .name = "tls1_2",
                 .desc = "Use TLS protocol version 1.2",
                 .type = OPTION_VALUE,
@@ -96,7 +82,7 @@ static const struct option ciphers_optio
  static void
  ciphers_usage(void)
  {
-       fprintf(stderr, "usage: ciphers [-hsVv] [-tls1] [-tls1_1] 
[-tls1_2] "
+       fprintf(stderr, "usage: ciphers [-hsVv] [-tls1_2] "
             "[-tls1_3] [cipherlist]\n");
         options_usage(ciphers_options);
  }