Set min version to TLS 1.0 in programs

programs/ssl/ssl_client1.c

@@ -168,6 +168,9 @@ int main( int argc, char *argv[] )
     ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
     ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" );
 
+    /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+    ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+
     ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
     ssl_set_dbg( &ssl, my_debug, stdout );
     ssl_set_bio( &ssl, net_recv, &server_fd,

programs/ssl/ssl_client2.c

@@ -86,7 +86,7 @@ int main( int argc, char *argv[] )
 #define DFL_ALLOW_LEGACY        SSL_LEGACY_NO_RENEGOTIATION
 #define DFL_RENEGOTIATE         0
 #define DFL_EXCHANGES           1
-#define DFL_MIN_VERSION         -1
+#define DFL_MIN_VERSION         SSL_MINOR_VERSION_1
 #define DFL_MAX_VERSION         -1
 #define DFL_AUTH_MODE           SSL_VERIFY_REQUIRED
 #define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE

programs/ssl/ssl_fork_server.c

@@ -264,6 +264,10 @@ int main( int argc, char *argv[] )
         ssl_set_endpoint( &ssl, SSL_IS_SERVER );
         ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
 
+        /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+        ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3,
+                                   SSL_MINOR_VERSION_1 );
+
         ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
         ssl_set_dbg( &ssl, my_debug, stdout );
         ssl_set_bio( &ssl, net_recv, &client_fd,

programs/ssl/ssl_mail_client.c

@@ -601,6 +601,9 @@ int main( int argc, char *argv[] )
      * but makes interop easier in this simplified example */
     ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
 
+    /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+    ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+
     ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
     ssl_set_dbg( &ssl, my_debug, stdout );
     ssl_set_bio( &ssl, net_recv, &server_fd,

programs/ssl/ssl_pthread_server.c

@@ -165,6 +165,9 @@ static void *handle_ssl_connection( void *data )
     ssl_set_endpoint( &ssl, SSL_IS_SERVER );
     ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
 
+    /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+    ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+
     ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
     ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
 

programs/ssl/ssl_server.c

@@ -198,6 +198,9 @@ int main( int argc, char *argv[] )
     ssl_set_endpoint( &ssl, SSL_IS_SERVER );
     ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
 
+    /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+    ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+
     ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
     ssl_set_dbg( &ssl, my_debug, stdout );
 

programs/ssl/ssl_server2.c

@@ -105,7 +105,7 @@ int main( int argc, char *argv[] )
 #define DFL_RENEGOTIATE         0
 #define DFL_RENEGO_DELAY        -2
 #define DFL_EXCHANGES           1
-#define DFL_MIN_VERSION         -1
+#define DFL_MIN_VERSION         SSL_MINOR_VERSION_1
 #define DFL_MAX_VERSION         -1
 #define DFL_AUTH_MODE           SSL_VERIFY_OPTIONAL
 #define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE