{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
{"V", OPT_UPPER_V, '-', "Even more verbose"},
{"s", OPT_S, '-', "Only supported ciphers"},
+#ifndef OPENSSL_NO_SSL3
+ {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1
{"tls1", OPT_TLS1, '-', "TLS1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
{"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
{"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
+#endif
#ifndef OPENSSL_NO_SSL_TRACE
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#endif
-#ifndef OPENSSL_NO_SSL3
- {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
-#endif
#ifndef OPENSSL_NO_PSK
{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
#endif
char *ciphers = NULL, *prog;
char buf[512];
OPTION_CHOICE o;
+ int min_version = 0, max_version = 0;
prog = opt_init(argc, argv, ciphers_options);
while ((o = opt_next()) != OPT_EOF) {
#endif
break;
case OPT_SSL3:
-#ifndef OPENSSL_NO_SSL3
- meth = SSLv3_client_method();
-#endif
+ min_version = SSL3_VERSION;
+ max_version = SSL3_VERSION;
break;
case OPT_TLS1:
- meth = TLSv1_client_method();
+ min_version = TLS1_VERSION;
+ max_version = TLS1_VERSION;
break;
case OPT_TLS1_1:
- meth = TLSv1_1_client_method();
+ min_version = TLS1_1_VERSION;
+ max_version = TLS1_1_VERSION;
break;
case OPT_TLS1_2:
- meth = TLSv1_2_client_method();
+ min_version = TLS1_2_VERSION;
+ max_version = TLS1_2_VERSION;
break;
case OPT_PSK:
#ifndef OPENSSL_NO_PSK
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
+ if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+ goto err;
+ if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+ goto err;
+
#ifndef OPENSSL_NO_PSK
if (psk)
SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
if (!verbose) {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
- SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
+ const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
p = SSL_CIPHER_get_name(c);
if (p == NULL)
break;
} else {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk, i);