Allow disabling the min and max version

Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org>

doc/ssl/SSL_CONF_cmd.pod

@@ -113,7 +113,8 @@ operations are permitted.
 
 Sets the minimum and maximum supported protocol.
 Currently supported protocol values are B<SSLv3>, B<TLSv1>,
-B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS.
+B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS,
+and B<None> for no limit.
 If the either bound is not specified then only the other bound applies,
 if specified.
 To restrict the supported protocol versions use these commands rather
@@ -275,6 +276,7 @@ This sets the minimum supported SSL, TLS or DTLS version.
 
 Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
 B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+The value B<None> will disable the limit.
 
 =item B<MaxProtocol>
 
@@ -282,6 +284,7 @@ This sets the maximum supported SSL, TLS or DTLS version.
 
 Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
 B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+The value B<None> will disable the limit.
 
 =item B<Protocol>
 

ssl/ssl_conf.c

@@ -332,6 +332,7 @@ static int protocol_from_string(const char *value)
         int version;
     };
     static const struct protocol_versions versions[] = {
+        {"None", 0},
         {"SSLv3", SSL3_VERSION},
         {"TLSv1", TLS1_VERSION},
         {"TLSv1.1", TLS1_1_VERSION},

ssl/statem/statem_lib.c

@@ -834,6 +834,11 @@ int ssl_check_version_downgrade(SSL *s)
  */
 int ssl_set_version_bound(int method_version, int version, int *bound)
 {
+    if (version == 0) {
+        *bound = version;
+        return 1;
+    }
+
     /*-
      * Restrict TLS methods to TLS protocol versions.
      * Restrict DTLS methods to DTLS protocol versions.