From 6f16abf1df855c1e06f8e31feaf3765c788b546f Mon Sep 17 00:00:00 2001
From: Philipp Schafft
Date: Sun, 20 Mar 2022 17:29:58 +0000
Subject: [PATCH] Update: Require at least OpenSSL 1.1.0 and TLS 1.2
See: #2432
---
 configure.ac | 2 +-
 src/tls.c | 14 +-------------
 2 files changed, 2 insertions(+), 14 deletions(-)
diff --git a/configure.ac b/configure.ac
index 8dbfa8d4..26cb0859 100644
--- a/configure.ac
+++ b/configure.ac
@@ -210,7 +210,7 @@ PKG_HAVE_WITH_MODULES([CURL], [libcurl], [
 dnl
 dnl openssl
 dnl
-PKG_HAVE_WITH_MODULES([OPENSSL], [openssl], [
+PKG_HAVE_WITH_MODULES([OPENSSL], [openssl >= 1.1.0], [
 CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
 LIBS="${LIBS} ${OPENSSL_LIBS}"
 ])
diff --git a/src/tls.c b/src/tls.c
index b0a68d4e..5ebd285c 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -56,17 +56,10 @@ struct tls_tag {
 void tls_initialize(void)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSL_load_error_strings(); /* readable error messages */
- SSL_library_init(); /* initialize library */
-#endif
 }
 void tls_shutdown(void)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- ERR_free_strings();
-#endif
 }
 tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *cipher_list)
@@ -83,13 +76,8 @@ tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *
 ctx->refc = 1;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- ctx->ctx = SSL_CTX_new(SSLv23_server_method());
- ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; // Disable SSLv2 and SSLv3
-#else
 ctx->ctx = SSL_CTX_new(TLS_server_method());
- SSL_CTX_set_min_proto_version(ctx->ctx, TLS1_VERSION);
-#endif
+ SSL_CTX_set_min_proto_version(ctx->ctx, TLS1_2_VERSION);
 #ifdef SSL_OP_NO_COMPRESSION
 ssl_opts |= SSL_OP_NO_COMPRESSION; // Never use compression
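Review bot: With the `OPENSSL_VERSION_NUMBER < 0x10100000L` guards removed in the first src/tls.c hunk, tls_initialize() and tls_shutdown() are left as empty bodies with nothing saying why, and nothing in this translation unit enforces the 1.1.0 floor that the configure.ac hunk adds through pkg-config. A build whose OPENSSL_CFLAGS resolve to a pre-1.1.0 header, or that bypasses pkg-config, would most likely fail later on `TLS_server_method()` and `SSL_CTX_set_min_proto_version()` with an implicit-declaration error instead of a clear message. I would add a one-line comment to each emptied function, e.g. `/* no-op: OpenSSL >= 1.1.0 initialises and deinitialises itself; configure.ac enforces that floor */`, and next to the OpenSSL includes (outside this hunk) a compile-time check `#if OPENSSL_VERSION_NUMBER < 0x10100000L` / `#error "OpenSSL >= 1.1.0 is required"` / `#endif`. Whether callers still depend on these two functions being exported is not visible here; keeping them as no-ops is reasonable, but the comment should say that is deliberate.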