Update: Require at least OpenSSL 1.1.0 and TLS 1.2

See: #2432

configure.ac

@@ -210,7 +210,7 @@ PKG_HAVE_WITH_MODULES([CURL], [libcurl], [
 dnl
 dnl openssl
 dnl
-PKG_HAVE_WITH_MODULES([OPENSSL], [openssl], [
+PKG_HAVE_WITH_MODULES([OPENSSL], [openssl >= 1.1.0], [
   CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
   LIBS="${LIBS} ${OPENSSL_LIBS}"
 ])

src/tls.c

@@ -56,17 +56,10 @@ struct tls_tag {
 
 void       tls_initialize(void)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-    SSL_load_error_strings(); /* readable error messages */
-    SSL_library_init(); /* initialize library */
-#endif
 }
 
 void       tls_shutdown(void)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-    ERR_free_strings();
-#endif
 }
 
 tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *cipher_list)
@@ -83,13 +76,8 @@ tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *
 
     ctx->refc = 1;
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-    ctx->ctx = SSL_CTX_new(SSLv23_server_method());
-    ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; // Disable SSLv2 and SSLv3
-#else
     ctx->ctx = SSL_CTX_new(TLS_server_method());
-    SSL_CTX_set_min_proto_version(ctx->ctx, TLS1_VERSION);
-#endif
+    SSL_CTX_set_min_proto_version(ctx->ctx, TLS1_2_VERSION);
 
 #ifdef SSL_OP_NO_COMPRESSION
     ssl_opts |= SSL_OP_NO_COMPRESSION;             // Never use compression