From e465089798bad6b62fb82ecabdc90985baa80cb8 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Fri, 24 Mar 2023 16:44:01 +0100
Subject: [PATCH] No old TLS check
---
 configure.ac | 2 +-
 wolfssl/wolfcrypt/settings.h | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 4bd23105e..4e2152e8e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3492,7 +3492,7 @@ AC_ARG_ENABLE([oldtls],
 [ ENABLED_OLD_TLS=yes ]
 )
-if test "$ENABLED_CRYPTONLY" = "yes"
+if test "$ENABLED_CRYPTONLY" = "yes" || test "x$ENABLED_HARDEN_TLS" != "xno"
 then
 ENABLED_OLD_TLS=no
 fi
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 6c8346e9a..633ec9295 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2969,6 +2969,9 @@ extern void uITRON4_free(void *p) ;
 #ifdef HAVE_TRUNCATED_HMAC
 #error "Truncated HMAC Extension not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.6"
 #endif
+ #ifndef NO_OLD_TLS
+ #error "TLS < 1.2 protocol versions not allowed https://www.rfc-editor.org/rfc/rfc9325#section-3.1.1"
+ #endif
 #endif
 #ifdef __cplusplus
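Review bot: In the configure.ac hunk, `test "x$ENABLED_HARDEN_TLS" != "xno"` is also true when ENABLED_HARDEN_TLS is empty or unset, so unless the harden-tls option is parsed above this point and defaults to `no` (not visible in the hunk), every build would end up with `ENABLED_OLD_TLS=no`. That ordering dependency deserves a comment above the test, for example `# ENABLED_HARDEN_TLS must already be set here; any value other than "no", including empty, forces old TLS off`. The override is also silent: a user who passes `--enable-oldtls` together with TLS hardening gets old TLS disabled without any configure output, and an `AC_MSG_NOTICE` (or an error when both are requested explicitly) would make the resulting protocol set visible in the build log.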
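Review bot: The new `#error` in the settings.h hunk says that TLS < 1.2 is not allowed but not how to satisfy the check, which matters most for builds that do not go through configure. Naming the switch in the message would save a lookup, e.g. `#error "TLS < 1.2 protocol versions not allowed, define NO_OLD_TLS https://www.rfc-editor.org/rfc/rfc9325#section-3.1.1"`. The check also assumes NO_OLD_TLS has its final value at this point in the header; if any later part of settings.h defines it implicitly, a valid configuration would be rejected, so it is worth confirming that this block comes after all such definitions. The enclosing `#if` starts above the hunk, so the macro that gates these checks is not visible here.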