Change to TLS version negotiation patch: remove implicit assumption

that SSL lib might not implement TLS 1.0.

Author: jamesyonan

src/openvpn/ssl_openssl.c

@@ -200,10 +200,8 @@ tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags)
  {
  long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
  const int tls_version_min = (ssl_flags >> SSLF_TLS_VERSION_SHIFT) & SSLF_TLS_VERSION_MASK;
-#ifdef SSL_OP_NO_TLSv1
  if (tls_version_min > TLS_VER_1_0)
  sslopt |= SSL_OP_NO_TLSv1;
-#endif
 #ifdef SSL_OP_NO_TLSv1_1
  if (tls_version_min > TLS_VER_1_1)
  sslopt |= SSL_OP_NO_TLSv1_1;

src/openvpn/ssl_polarssl.c

@@ -569,13 +569,11 @@ void key_state_ssl_init(struct key_state_ssl *ks_ssl,
 int polar_minor;
 switch (tls_version_min)
  {
-#if defined(SSL_MAJOR_VERSION_3) && defined(SSL_MINOR_VERSION_1)
  case TLS_VER_1_0:
  default:
  polar_major = SSL_MAJOR_VERSION_3;
  polar_minor = SSL_MINOR_VERSION_1;
  break;
-#endif
 #if defined(SSL_MAJOR_VERSION_3) && defined(SSL_MINOR_VERSION_2)
  case TLS_VER_1_1:
  polar_major = SSL_MAJOR_VERSION_3;