diff options
author | thiagoftsm <thiagoftsm@gmail.com> | 2020-05-26 17:05:56 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-26 17:05:56 +0000 |
commit | 6b091fafd9c3b0197325b3ef751dbdb317048e2b (patch) | |
tree | f82e78e1dd42d5bfc5e604d0fa47adb7541b5deb /libnetdata/socket | |
parent | 725b749e9ba91556f8600d7ba2aef56f9545fbcd (diff) |
OpenTSDB and TLS (#9068)
Brings TLS to OpenTSDB connector and InfluxDB
Diffstat (limited to 'libnetdata/socket')
-rw-r--r-- | libnetdata/socket/security.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/libnetdata/socket/security.c b/libnetdata/socket/security.c index 486a2f711b..de945e69fe 100644 --- a/libnetdata/socket/security.c +++ b/libnetdata/socket/security.c @@ -66,12 +66,16 @@ int tls_select_version(const char *lversion) { return TLS1_1_VERSION; else if (!strcmp(lversion, "1.2")) return TLS1_2_VERSION; -#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_111 +#if defined(TLS1_3_VERSION) else if (!strcmp(lversion, "1.3")) return TLS1_3_VERSION; #endif +#if defined(TLS_MAX_VERSION) return TLS_MAX_VERSION; +#else + return TLS1_2_VERSION; +#endif } #endif @@ -120,7 +124,18 @@ SSL_CTX * security_initialize_openssl_client() { ctx = SSL_CTX_new(TLS_client_method()); #endif if(ctx) { - security_openssl_common_options(ctx, 1); +#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110 + SSL_CTX_set_options (ctx,SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION); +#else + SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); +# if defined(TLS_MAX_VERSION) + SSL_CTX_set_max_proto_version(ctx, TLS_MAX_VERSION); +# elif defined(TLS1_3_VERSION) + SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); +# elif defined(TLS1_2_VERSION) + SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION); +# endif +#endif } return ctx; |