Report TLS 1.0 as backwards-compatible TLSv1

The TLSv1.0 form is retained for reporting the first protocol version
that supports a given cupher.

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index aaeeb8da2752afa47f60fbc1e1c88626d3a0fd48..c62b1935b6746485758e66659a599e4ca954e7ff 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1822,6 +1822,13 @@ const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
 {
     if (c == NULL)
         return "(NONE)";
+
+    /*
+     * Backwards-compatibility crutch.  In almost all contexts we report TLS
+     * 1.0 as "TLSv1", but for ciphers we report "TLSv1.0".
+     */
+    if (c->min_tls == TLS1_VERSION)
+        return "TLSv1.0";
     return ssl_protocol_to_string(c->min_tls);
 }
 

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index cec3fc27f219ce0468d1934e41831525fa36e39f..87e3dfad67fd424674532c81b715a3952b0eb1ad 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3067,7 +3067,7 @@ const char *ssl_protocol_to_string(int version)
     else if (version == TLS1_1_VERSION)
         return "TLSv1.1";
     else if (version == TLS1_VERSION)
-        return "TLSv1.0";
+        return "TLSv1";
     else if (version == SSL3_VERSION)
         return "SSLv3";
     else if (version == DTLS1_BAD_VER)