From 50e25e1dbce265f4a40cb4495ec3a4fe7c3af023 Mon Sep 17 00:00:00 2001
From: Emmanuel Hocdet <manu@gandi.net>
Date: Fri, 24 Mar 2017 15:20:03 +0100
Subject: [PATCH] MINOR: ssl: show methods supported by openssl

TLS v1.3 incoming, SSLv3 will disappears: it could be useful to list
all methods supported by haproxy/openssl (with -vvv).
---
 src/ssl_sock.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 63c0f7928..5014e70b1 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7538,7 +7538,7 @@ static void __ssl_sock_init(void)
 	ptr = NULL;
 	memprintf(&ptr, "Built with OpenSSL version : "
 #ifdef OPENSSL_IS_BORINGSSL
-		"BoringSSL\n");
+		"BoringSSL");
 #else /* OPENSSL_IS_BORINGSSL */
 	        OPENSSL_VERSION_TEXT
 		"\nRunning on OpenSSL version : %s%s",
@@ -7564,6 +7564,24 @@ static void __ssl_sock_init(void)
 #else
 		"no (version might be too old, 0.9.8f min needed)"
 #endif
+#endif
+	       "", ptr);
+
+	memprintf(&ptr, "%s\nOpenSSL library supports : "
+#if SSL_OP_NO_SSLv3
+		  "SSLv3 "
+#endif
+#if SSL_OP_NO_TLSv1
+		  "TLSv1.0 "
+#endif
+#if SSL_OP_NO_TLSv1_1
+		  "TLSv1.1 "
+#endif
+#if SSL_OP_NO_TLSv1_2
+		  "TLSv1.2 "
+#endif
+#if SSL_OP_NO_TLSv1_3
+		  "TLSv1.3"
 #endif
 	       "", ptr);