Drop TLS version support detection (#1617)

With requiring openssl version at least 1.1.1 all versions of TLS (up to
and including 1.3) and DTLS 1.2 are supported
With that, no detection or ability to disable a version will be provided

src/apps/common/apputils.h

@@ -58,68 +58,32 @@ extern int IS_TURN_SERVER;
 /* TLS */
 
 #if defined(TURN_NO_TLS)
-
 #define TLS_SUPPORTED 0
-#define TLSv1_1_SUPPORTED 0
-#define TLSv1_2_SUPPORTED 0
-
 #else
-
 #define TLS_SUPPORTED 1
-
-#if defined(SSL_OP_NO_TLSv1_1)
-#define TLSv1_1_SUPPORTED 1
-#else
-#define TLSv1_1_SUPPORTED 0
-#endif
-
-#if defined(SSL_OP_NO_TLSv1_2)
-#define TLSv1_2_SUPPORTED 1
-#else
-#define TLSv1_2_SUPPORTED 0
-#endif
-
-#if defined(SSL_OP_NO_TLSv1_3)
-#define TLSv1_3_SUPPORTED 1
-#else
-#define TLSv1_3_SUPPORTED 0
-#endif
-
 #endif
 
 #if defined(TURN_NO_DTLS)
-
 #define DTLS_SUPPORTED 0
-#define DTLSv1_2_SUPPORTED 0
-
 #else
-
 #define DTLS_SUPPORTED 1
-
-#if defined(SSL_OP_NO_DTLSv1_2)
-#define DTLSv1_2_SUPPORTED 1
-#else
-#define DTLSv1_2_SUPPORTED 0
-#endif
-
 #endif
 
 #define SSL_SESSION_ECDH_AUTO_SUPPORTED 1
 
 /////////// SSL //////////////////////////
 
+// clang-format off
 enum _TURN_TLS_TYPE {
   TURN_TLS_NO = 0,
   TURN_TLS_SSL23,
   TURN_TLS_v1_0,
-#if TLSv1_1_SUPPORTED
   TURN_TLS_v1_1,
-#if TLSv1_2_SUPPORTED
   TURN_TLS_v1_2,
-#endif
-#endif
+  TURN_TLS_v1_3,
   TURN_TLS_TOTAL
 };
+// clang-format on
 
 typedef enum _TURN_TLS_TYPE TURN_TLS_TYPE;
 

src/apps/relay/mainrelay.c

@@ -2809,22 +2809,14 @@ static void print_features(unsigned long mfn) {
 
 #if !TLS_SUPPORTED
   TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS is not supported\n");
-#elif TLSv1_3_SUPPORTED
+#else
   TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.3 supported\n");
-#elif TLSv1_2_SUPPORTED
-  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.2 supported\n");
-#elif TLSv1_1_SUPPORTED
-  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.1 supported\n");
-#elif TLSv1_SUPPORTED
-  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.0 supported\n");
 #endif
 
 #if !DTLS_SUPPORTED
   TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS is not supported\n");
-#elif DTLSv1_2_SUPPORTED
+#else
   TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS 1.2 supported\n");
-#elif DTLS_SUPPORTED
-  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS supported\n");
 #endif
 
   TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TURN/STUN ALPN supported\n");
@@ -3567,10 +3559,7 @@ static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *metho
 
   SSL_CTX_set_cipher_list(ctx, turn_params.cipher_list);
   SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
-
-#if TLSv1_3_SUPPORTED
   SSL_CTX_set_ciphersuites(ctx, turn_params.cipher_list);
-#endif
 
   if (!SSL_CTX_use_certificate_chain_file(ctx, turn_params.cert_file)) {
     TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: ERROR: no certificate found\n", protocol);
@@ -3805,11 +3794,9 @@ static void openssl_load_certificates(void) {
     if (turn_params.no_tlsv1_1) {
       SSL_CTX_set_min_proto_version(turn_params.tls_ctx, TLS1_2_VERSION);
     }
-#if TLSv1_3_SUPPORTED
     if (turn_params.no_tlsv1_2) {
       SSL_CTX_set_min_proto_version(turn_params.tls_ctx, TLS1_3_VERSION);
     }
-#endif
     TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS cipher suite: %s\n", turn_params.cipher_list);
   }
 

src/apps/relay/mainrelay.h

@@ -103,12 +103,10 @@ extern "C" {
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #define DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
-#if TLSv1_3_SUPPORTED
 #define DEFAULT_CIPHERSUITES OSSL_default_ciphersuites()
-#endif
 #else
 #define DEFAULT_CIPHER_LIST "DEFAULT"
-#if TLSv1_3_SUPPORTED && defined(TLS_DEFAULT_CIPHERSUITES)
+#if defined(TLS_DEFAULT_CIPHERSUITES)
 #define DEFAULT_CIPHERSUITES TLS_DEFAULT_CIPHERSUITES
 #endif
 #endif