authorJack Lloyd <[email protected]>2020-11-28 10:55:31 -0500
committerJack Lloyd <[email protected]>2021-04-01 14:38:30 -0400
commit587f178d75fe327feb84df32c3d1b8a479f01d23 (patch)
tree6a3bd7ce31b01263c749a807f73d4b0fa4d0fe23 /src/cli
parent3a432a91e4c3c1b89bafbb706bb6712851756525 (diff)
Remove TLS 1.0/1.1 and DTLS 1.0
Diffstat (limited to 'src/cli')
-rw-r--r--src/cli/timing_tests.cpp2
-rw-r--r--src/cli/tls_client.cpp46
-rw-r--r--src/cli/tls_helpers.h2
-rw-r--r--src/cli/tls_utils.cpp12
4 files changed, 2 insertions, 60 deletions
diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp
index a9904ae2e..0e3cac4f5 100644
--- a/src/cli/timing_tests.cpp
+++ b/src/cli/timing_tests.cpp
@@ -206,7 +206,7 @@ class Lucky13_Timing_Test final : public Timing_Test
, m_mac_keylen(mac_keylen)
, m_dec(Botan::BlockCipher::create_or_throw("AES-128"),
Botan::MessageAuthenticationCode::create_or_throw("HMAC(" + m_mac_algo + ")"),
- 16, m_mac_keylen, Botan::TLS::Protocol_Version::TLS_V11, false) {}
+ 16, m_mac_keylen, Botan::TLS::Protocol_Version::TLS_V12, false) {}
std::vector<uint8_t> prepare_input(const std::string& input) override;
ticks measure_critical_function(const std::vector<uint8_t>& input) override;
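Review bot: The `m_dec(...)` initializer passes the bare literals `16` and `false` next to the version constant, and with TLS 1.1 gone nothing here says why the Lucky13 measurement still applies to the remaining version. A short comment above the initializer would help, for example `// CBC+HMAC record decryption; Lucky13 still applies to TLS 1.2 CBC suites without encrypt-then-MAC`. That wording assumes the trailing `false` is the encrypt-then-MAC switch, which the hunk does not show, so confirm it against the decryptor's constructor. The constructor and the class body continue outside the hunk.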
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index eee97a4c0..be5f7dfcd 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -29,37 +29,11 @@
namespace Botan_CLI {
-class CLI_Policy final : public Botan::TLS::Policy
- {
- public:
-
- CLI_Policy(Botan::TLS::Protocol_Version req_version) : m_version(req_version) {}
-
- std::vector<std::string> allowed_ciphers() const override
- {
- // Allow CBC mode only in versions which don't support AEADs
- if(m_version.supports_aead_modes() == false)
- {
- return { "AES-256", "AES-128" };
- }
-
- return Botan::TLS::Policy::allowed_ciphers();
- }
-
- bool allow_tls10() const override { return m_version == Botan::TLS::Protocol_Version::TLS_V10; }
- bool allow_tls11() const override { return m_version == Botan::TLS::Protocol_Version::TLS_V11; }
- bool allow_tls12() const override { return m_version == Botan::TLS::Protocol_Version::TLS_V12; }
-
- private:
- Botan::TLS::Protocol_Version m_version;
- };
-
class TLS_Client final : public Command, public Botan::TLS::Callbacks
{
public:
TLS_Client()
: Command("tls_client host --port=443 --print-certs --policy=default "
- "--tls1.0 --tls1.1 --tls1.2 "
"--skip-system-cert-store --trusted-cas= "
"--session-db= --session-db-pass= --next-protocols= --type=tcp")
{
@@ -124,25 +98,7 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
Botan::TLS::Protocol_Version version =
use_tcp ? Botan::TLS::Protocol_Version::TLS_V12 : Botan::TLS::Protocol_Version::DTLS_V12;
- if(flag_set("tls1.0"))
- {
- version = Botan::TLS::Protocol_Version::TLS_V10;
- if(!policy)
- policy.reset(new CLI_Policy(version));
- }
- else if(flag_set("tls1.1"))
- {
- version = Botan::TLS::Protocol_Version::TLS_V11;
- if(!policy)
- policy.reset(new CLI_Policy(version));
- }
- else if(flag_set("tls1.2"))
- {
- version = Botan::TLS::Protocol_Version::TLS_V12;
- if(!policy)
- policy.reset(new CLI_Policy(version));
- }
- else if(!policy)
+ if(!policy)
{
policy.reset(new Botan::TLS::Policy);
}
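Review bot: With the version flags removed, `version` is assigned once from `use_tcp`, and the only remaining branch builds the default policy with a raw `new`. If nothing later in the function reassigns it, declaring it `const Botan::TLS::Protocol_Version version = ...` makes it explicit that the offered version depends only on the transport. `policy = std::make_unique<Botan::TLS::Policy>();` could replace `policy.reset(new Botan::TLS::Policy);`, provided `policy` is a `std::unique_ptr<Botan::TLS::Policy>`; its declaration is outside the hunk. The first hunk of this file also drops `--tls1.2` from the command spec along with the obsolete flags, so existing invocations that pass it will presumably be rejected, which is worth a line in the release notes.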
diff --git a/src/cli/tls_helpers.h b/src/cli/tls_helpers.h
index c973d685d..48a856c1a 100644
--- a/src/cli/tls_helpers.h
+++ b/src/cli/tls_helpers.h
@@ -190,8 +190,6 @@ class TLS_All_Policy final : public Botan::TLS::Policy
return { "ECDSA", "RSA", "DSA", "IMPLICIT" };
}
- bool allow_tls10() const override { return true; }
- bool allow_tls11() const override { return true; }
bool allow_tls12() const override { return true; }
};
diff --git a/src/cli/tls_utils.cpp b/src/cli/tls_utils.cpp
index 698c625e1..a36f2c2df 100644
--- a/src/cli/tls_utils.cpp
+++ b/src/cli/tls_utils.cpp
@@ -31,22 +31,10 @@ class TLS_Ciphersuites final : public Command
{
return Botan::TLS::Protocol_Version::TLS_V12;
}
- else if(str == "tls1.1" || str == "TLS1.1" || str == "TLS-1.1")
- {
- return Botan::TLS::Protocol_Version::TLS_V11;
- }
- else if(str == "tls1.0" || str == "TLS1.1" || str == "TLS-1.1")
- {
- return Botan::TLS::Protocol_Version::TLS_V10;
- }
if(str == "dtls1.2" || str == "DTLS1.2" || str == "DTLS-1.2")
{
return Botan::TLS::Protocol_Version::DTLS_V12;
}
- else if(str == "dtls1.0" || str == "DTLS1.0" || str == "DTLS-1.0")
- {
- return Botan::TLS::Protocol_Version::DTLS_V10;
- }
else
{
throw CLI_Error("Unknown TLS version '" + str + "'");