authorKurt Roeckx <kurt@roeckx.be>2016-02-02 23:58:49 +0100
committerKurt Roeckx <kurt@roeckx.be>2016-03-09 19:38:56 +0100
commit0d5301aff900970b09d2fe0c70d1038157d7638b (patch)
treeeccb37f83a5388dee8ec57cbb90eb3b404ea3be0 /apps/ciphers.c
parent1fc7d6664a3d118f9d5de217c9ffd154ed9ddb6f (diff)
Use minimum and maximum protocol version instead of version fixed methods
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> MR: #1824
Diffstat (limited to 'apps/ciphers.c')
-rw-r--r--apps/ciphers.c26
1 files changed, 14 insertions, 12 deletions
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 3e1ed95..924c015 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -126,6 +126,7 @@ int ciphers_main(int argc, char **argv)
char *ciphers = NULL, *prog;
char buf[512];
OPTION_CHOICE o;
+ int min_version = 0, max_version = 0;
prog = opt_init(argc, argv, ciphers_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -154,24 +155,20 @@ int ciphers_main(int argc, char **argv)
#endif
break;
case OPT_SSL3:
-#ifndef OPENSSL_NO_SSL3
- meth = SSLv3_client_method();
-#endif
+ min_version = SSL3_VERSION;
+ max_version = SSL3_VERSION;
break;
case OPT_TLS1:
-#ifndef OPENSSL_NO_TLS1
- meth = TLSv1_client_method();
-#endif
+ min_version = TLS1_VERSION;
+ max_version = TLS1_VERSION;
break;
case OPT_TLS1_1:
-#ifndef OPENSSL_NO_TLS1_1
- meth = TLSv1_1_client_method();
-#endif
+ min_version = TLS1_1_VERSION;
+ max_version = TLS1_1_VERSION;
break;
case OPT_TLS1_2:
-#ifndef OPENSSL_NO_TLS1_2
- meth = TLSv1_2_client_method();
-#endif
+ min_version = TLS1_2_VERSION;
+ max_version = TLS1_2_VERSION;
break;
case OPT_PSK:
#ifndef OPENSSL_NO_PSK
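Review bot: With the `#ifndef OPENSSL_NO_SSL3` / `OPENSSL_NO_TLS1*` guards gone, the `OPT_SSL3`, `OPT_TLS1`, `OPT_TLS1_1` and `OPT_TLS1_2` cases pin `min_version`/`max_version` to a protocol even in a build where it is compiled out. What happens next is not visible in this hunk: the later setter may reject the bound, or the listing may come back empty or unfiltered, and someone using this command to audit per-protocol cipher exposure should get an explicit answer instead. Consider reporting the option as unavailable in that configuration, e.g. under `#ifdef OPENSSL_NO_SSL3` in the `OPT_SSL3` case: `BIO_printf(bio_err, "%s: SSLv3 is disabled in this build\n", prog); goto err;`, and likewise for the other three. The enclosing switch starts and ends outside the hunk.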
@@ -191,6 +188,11 @@ int ciphers_main(int argc, char **argv)
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
+ if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+ goto err;
+ if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+ goto err;
+
#ifndef OPENSSL_NO_PSK
if (psk)
SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
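Review bot: Both new `goto err` exits after `SSL_CTX_set_min_proto_version()` and `SSL_CTX_set_max_proto_version()` leave without saying which bound was rejected. Whether the `err` label prints anything useful depends on code outside this hunk and on the setter having queued an error. A one-line message before each jump, such as `BIO_printf(bio_err, "%s: cannot set minimum protocol version\n", prog);`, would make a failed run explainable. The calls also run when no version option was given, so a comment above them like `/* 0 leaves the bound at the library's lowest/highest supported version */` would document why the default `0` is safe to pass.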