From 8fcffe46b231ddcc0305a36bf7f9aaf27c7e1a50 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Sat, 20 Nov 2021 14:40:55 +0100
Subject: OpenSSL: bump minimum required version to 1.0.2f

...in order to safely remove the obsolete OpenSSL flag
SSL_OP_SINGLE_DH_USE.
---
 socket.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'socket.c')

diff --git a/socket.c b/socket.c
index 8ee88ec2..1d022689 100644
--- a/socket.c
+++ b/socket.c
@@ -406,7 +406,7 @@ va_dcl {
 #include <openssl/x509v3.h>
 #include <openssl/rand.h>
 
-#define fm_MIN_OPENSSL_VER 0x1000200fL
+#define fm_MIN_OPENSSL_VER 0x1000206fL /* 1.0.2f */
 
 #ifdef LIBRESSL_VERSION_NUMBER
 #error "FAILED - LibreSSL cannot be used legally, for lack of GPL clause 2b exception, see COPYING." 
@@ -417,7 +417,7 @@ va_dcl {
 #endif
 
 #if OPENSSL_VERSION_NUMBER < fm_MIN_OPENSSL_VER
-#error Your OpenSSL version must be at least 1.0.2 release. Older OpenSSL versions are unsupported.
+#error Your OpenSSL version must be at least 1.0.2f release. Older OpenSSL versions are unsupported.
 #else
 /*
 #define __fm_ossl_ver(x) #x
@@ -1079,7 +1079,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
         struct stat randstat;
         int i;
 	int avoid_ssl_versions = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-	long sslopts = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE;
+	long sslopts = SSL_OP_ALL;
 	int ssle_connect = 0;
 	long ver;
 
-- 
cgit v1.2.3