authorPeter Powell <petpow@saberuk.com>2017-11-30 14:17:13 +0000
committerPeter Powell <petpow@saberuk.com>2017-11-30 14:40:57 +0000
commitce780492ba9e471deee337d10e55e6b737cabafa (patch)
tree103d18b16e8d3200a79b5beed2e6459ee10177cc
parent9201b69a13b81ca5cfa97a49ecdd035e463883f7 (diff)
Bump the minimum versions of GnuTLS to 2.0.0 and OpenSSL to 1.0.0.
Old TLS libraries should not be used anymore due to security risks.
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp5
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp9
2 files changed, 2 insertions, 12 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 97fdf504c..56b60de26 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -79,11 +79,6 @@
#define GNUTLS_NEW_PRIO_API
#endif
-#if (!INSPIRCD_GNUTLS_HAS_VERSION(2, 0, 0))
-typedef gnutls_certificate_credentials_t gnutls_certificate_credentials;
-typedef gnutls_dh_params_t gnutls_dh_params;
-#endif
-
enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_HANDSHAKEN };
#if INSPIRCD_GNUTLS_HAS_VERSION(2, 12, 0)
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 1aab0d086..d203ad2f3 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -54,11 +54,6 @@
# pragma comment(lib, "libeay32.lib")
#endif
-#if ((OPENSSL_VERSION_NUMBER >= 0x10000000L) && (!(defined(OPENSSL_NO_ECDH))))
-// OpenSSL 0.9.8 includes some ECC support, but it's unfinished. Enable only for 1.0.0 and later.
-#define INSPIRCD_OPENSSL_ENABLE_ECDH
-#endif
-
// BIO is opaque in OpenSSL 1.1 but the access API does not exist in 1.0 and older.
#if ((defined LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L))
# define BIO_get_data(BIO) BIO->ptr
@@ -162,7 +157,7 @@ namespace OpenSSL
return (SSL_CTX_set_tmp_dh(ctx, dh.get()) >= 0);
}
-#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+#ifndef OPENSSL_NO_ECDH
void SetECDH(const std::string& curvename)
{
int nid = OBJ_sn2nid(curvename.c_str());
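Review bot: With the `OPENSSL_VERSION_NUMBER >= 0x10000000L` test removed, `#ifndef OPENSSL_NO_ECDH` here (and again in the hunk at -330,7 around the `ecdhcurve` config read) compiles the ECDH path against any OpenSSL that does not define OPENSSL_NO_ECDH. That includes the 0.9.8 series, whose ECC support the deleted comment described as unfinished. Nothing in the two changed files visibly rejects an older library at compile time, so the new 1.0.0 minimum appears to rest on the build system or documentation rather than on the source. If it is not enforced elsewhere, a guard near the top of m_ssl_openssl.cpp would make the requirement fail loudly instead of silently enabling the old code path: `#if OPENSSL_VERSION_NUMBER < 0x10000000L`, `# error "OpenSSL 1.0.0 or newer is required"`, `#endif`. SetECDH's body continues outside this hunk.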
@@ -330,7 +325,7 @@ namespace OpenSSL
}
}
-#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+#ifndef OPENSSL_NO_ECDH
std::string curvename = tag->getString("ecdhcurve", "prime256v1");
if (!curvename.empty())
ctx.SetECDH(curvename);