From 6bd173fced6935db65756ecd0678e8666c53284e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 9 Oct 2011 23:28:25 +0000
Subject: [PATCH] Don't disable TLS v1.2 by default any more.

---
 apps/s_client.c | 3 ---
 apps/s_server.c | 3 ---
 ssl/ssl_lib.c   | 2 --
 3 files changed, 8 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index daf22ba51c..cde4828796 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1044,9 +1044,6 @@ bad:
 		SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
 		}
 #endif
-	/* HACK while TLS v1.2 is disabled by default */
-	if (!(off & SSL_OP_NO_TLSv1_2))
-		SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
 	if (bugs)
 		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
 	else
diff --git a/apps/s_server.c b/apps/s_server.c
index 71c92e6ca4..0137b31cd1 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1463,9 +1463,6 @@ bad:
 	SSL_CTX_set_quiet_shutdown(ctx,1);
 	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
-	/* HACK while TLS v1.2 is disabled by default */
-	if (!(off & SSL_OP_NO_TLSv1_2))
-		SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
 	SSL_CTX_set_options(ctx,off);
 	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
 	 * Setting read ahead solves this problem.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ee84bb78d8..0a6cf3ad30 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1717,8 +1717,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 	 * deployed might change this.
 	 */
 	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-	/* Disable TLS v1.2 by default for now */
-	ret->options |= SSL_OP_NO_TLSv1_2;
 
 	return(ret);
 err:
-- 
2.34.1