tls: remove support for TLS 1.0 and 1.1.

Those old algorithms are not used anywhere, and are not recommended.
TLS 1.2 support has been prevalent for over a decade.

1 files changed, 6 insertions, 15 deletions

diff --git a/src/supplemental/tls/tls_test.c b/src/supplemental/tls/tls_test.c
index 9317890d..5eb981ac 100644
--- a/src/supplemental/tls/tls_test.c
+++ b/src/supplemental/tls/tls_test.c
@@ -20,29 +20,20 @@ test_tls_config_version(void)
 	NUTS_PASS(nng_tls_config_alloc(&cfg, NNG_TLS_MODE_SERVER));
 
 	// Verify that min ver < max ver
-	NUTS_FAIL(nng_tls_config_version(cfg, NNG_TLS_1_3, NNG_TLS_1_0),
+	NUTS_FAIL(nng_tls_config_version(cfg, NNG_TLS_1_3, NNG_TLS_1_2),
 	    NNG_ENOTSUP);
 
-	// Verify that we cannot configure SSL 3.0 or older.
-	NUTS_FAIL(nng_tls_config_version(cfg, NNG_TLS_1_0 - 1, NNG_TLS_1_0),
+	// Verify that we cannot configure TLS 1.1 or older.
+	NUTS_FAIL(
+	    nng_tls_config_version(cfg, NNG_TLS_1_2 - 1, NNG_TLS_1_2 - 1),
 	    NNG_ENOTSUP);
 
 	// Verify that we cannot configure TLS > 1.3.
-	NUTS_FAIL(nng_tls_config_version(cfg, NNG_TLS_1_0, NNG_TLS_1_3 + 1),
+	NUTS_FAIL(nng_tls_config_version(cfg, NNG_TLS_1_2, NNG_TLS_1_3 + 1),
 	    NNG_ENOTSUP);
 
 	// Verify that we *can* configure some various ranges starting with
-	// TLS v1.2.  Note that some libraries no longer support TLS 1.0
-	// and TLS 1.1, so we don't test for them.
-#if 0
-	NUTS_PASS(nng_tls_config_version(cfg, NNG_TLS_1_0, NNG_TLS_1_0));
-	NUTS_PASS(nng_tls_config_version(cfg, NNG_TLS_1_0, NNG_TLS_1_1));
-	NUTS_PASS(nng_tls_config_version(cfg, NNG_TLS_1_0, NNG_TLS_1_2));
-	NUTS_PASS(nng_tls_config_version(cfg, NNG_TLS_1_0, NNG_TLS_1_3));
-	NUTS_PASS(nng_tls_config_version(cfg, NNG_TLS_1_1, NNG_TLS_1_1));
-	NUTS_PASS(nng_tls_config_version(cfg, NNG_TLS_1_1, NNG_TLS_1_2));
-	NUTS_PASS(nng_tls_config_version(cfg, NNG_TLS_1_1, NNG_TLS_1_3));
-#endif
+	// TLS v1.2.
 	NUTS_PASS(nng_tls_config_version(cfg, NNG_TLS_1_2, NNG_TLS_1_2));
 	NUTS_PASS(nng_tls_config_version(cfg, NNG_TLS_1_2, NNG_TLS_1_3));