Drop old OpenSSL and LibreSSL version support

The new baseline is OpenSSL 1.1.1 or LibreSSL 2.8.0.  I chose the
former because it's the version available in Rocky Linux 8 (and
presumably RHEL 8), which is still under support.  The latter is just
because it's been released around the same time.

By doing this, we can drop every preprocessor conditional that depends
on `OPENSSL_VERSION_NUMBER` and almost every one that depends on
`LIBRESSL_VERSION_NUMBER`.

In addition, we can now make the following simplifications:

* Drop support for SSLv2, since neither library supports it anymore.
  For backwards compatibility, the protocol name is still allowed in
  the config, but does nothing.

* Remove the setting of the `SSL_OP_SINGLE_{EC,}DH_USE` options, since
  they're now permanently enabled in both libraries.

* Remove the `OPENSSL_init_ssl` call, which is now unnecessary.

* Remove the manual seeding code, since both libraries now handle
  seeding automatically.  In LibreSSL, `RAND_load_file` doesn't even do
  anything.

close #325
see #321

Author: SpecLad

doc/pod/inn.conf.pod

@@ -1325,9 +1325,7 @@ The name of the elliptic curve to use for ephemeral key exchanges.
 To see the list of curves supported by OpenSSL, use C<openssl ecparam
 -list_curves>.
 
-The default is unset, which means an appropriate curve is auto-selected
-(if your OpenSSL version is at least 1.0.2 or you are using LibreSSL)
-or the NIST P-256 curve is used.
+The default is unset, which means an appropriate curve is auto-selected.
 
 This option is only effective if your OpenSSL version has ECDH support.
 
@@ -1341,7 +1339,10 @@ the server will choose following its own preferences.
 =item I<tlsprotocols>
 
 The list of TLS/SSL protocol versions to support.  Valid protocols are
-B<SSLv2>, B<SSLv3>, B<TLSv1>, B<TLSv1.1>, B<TLSv1.2> and B<TLSv1.3>.
+B<SSLv3>, B<TLSv1>, B<TLSv1.1>, B<TLSv1.2> and B<TLSv1.3>.  For compatibility
+with older versions of INN, B<SSLv2> may also be listed, but this will have
+no effect.
+
 The default value is to only allow secure TLS protocols:
 
     tlsprotocols: [ TLSv1.2 TLSv1.3 ]

doc/pod/install.pod

@@ -182,8 +182,8 @@ versions you'll need:
     --with-blacklist    blacklistd from FreeBSD 11 or higher base system
     --with-canlock      libcanlock 3.3.0 or higher
     --with-krb5         MIT Kerberos v5 1.6.1 or higher
-    --with-openssl      OpenSSL 0.9.6 or higher, 3.0.0+ recommended
-                        LibreSSL 2.1.0 or higher, 3.2.0+ recommended
+    --with-openssl      OpenSSL 1.1.1 or higher, 3.0.0+ recommended
+                        LibreSSL 2.8.0 or higher, 3.5.0+ recommended
     --with-perl         Perl 5.004_03 or higher, 5.8.0+ recommended
     --with-python       Python 2.3.0 or higher, 2.5.0+ recommended
                         Python 3.3.0 or higher

nnrpd/misc.c

@@ -638,13 +638,11 @@ CMDstarttls(int ac UNUSED, char *av[] UNUSED)
     }
 #    endif /* HAVE_SASL */
 
-#    if defined(HAVE_ZLIB) && OPENSSL_VERSION_NUMBER >= 0x00090800fL
-    /* Check whether a compression layer has just been added.
-     * SSL_get_current_compression() is defined in OpenSSL versions >= 0.9.8
-     * final release, as well as LibreSSL. */
+#    if defined(HAVE_ZLIB)
+    /* Check whether a compression layer has just been added. */
     tls_compression_on = (SSL_get_current_compression(tls_conn) != NULL);
     compression_layer_on = tls_compression_on;
-#    endif /* HAVE_ZLIB && OPENSSL >= v0.9.8 */
+#    endif /* HAVE_ZLIB */
 
     /* Reset our read buffer so as to prevent plaintext command injection. */
     line_reset(&NNTPline);

nnrpd/nnrpd.c

@@ -1358,13 +1358,11 @@ main(int argc, char *argv[])
         }
         encryption_layer_on = true;
 
-#    if defined(HAVE_ZLIB) && OPENSSL_VERSION_NUMBER >= 0x00090800fL
-        /* Check whether a compression layer has just been added.
-         * SSL_get_current_compression() is defined in OpenSSL versions >=
-         * 0.9.8 final release, as well as LibreSSL. */
+#    if defined(HAVE_ZLIB)
+        /* Check whether a compression layer has just been added. */
         tls_compression_on = (SSL_get_current_compression(tls_conn) != NULL);
         compression_layer_on = tls_compression_on;
-#    endif /* HAVE_ZLIB && OPENSSL >= v0.9.8 */
+#    endif /* HAVE_ZLIB */
     }
 #endif /* HAVE_OPENSSL */