OpenTSDB and TLS (#9068)

Brings TLS to OpenTSDB connector and InfluxDB

1 files changed, 17 insertions, 2 deletions

diff --git a/libnetdata/socket/security.c b/libnetdata/socket/security.c
index 486a2f711b..de945e69fe 100644
--- a/libnetdata/socket/security.c
+++ b/libnetdata/socket/security.c
@@ -66,12 +66,16 @@ int tls_select_version(const char *lversion) {
         return TLS1_1_VERSION;
     else if (!strcmp(lversion, "1.2"))
         return TLS1_2_VERSION;
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_111
+#if defined(TLS1_3_VERSION)
     else if (!strcmp(lversion, "1.3"))
         return TLS1_3_VERSION;
 #endif
 
+#if defined(TLS_MAX_VERSION)
     return TLS_MAX_VERSION;
+#else
+    return TLS1_2_VERSION;
+#endif
 }
 #endif
 
@@ -120,7 +124,18 @@ SSL_CTX * security_initialize_openssl_client() {
     ctx = SSL_CTX_new(TLS_client_method());
 #endif
     if(ctx) {
-        security_openssl_common_options(ctx, 1);
+#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110
+        SSL_CTX_set_options (ctx,SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
+#else
+        SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
+# if defined(TLS_MAX_VERSION)
+        SSL_CTX_set_max_proto_version(ctx, TLS_MAX_VERSION);
+# elif defined(TLS1_3_VERSION)
+        SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
+# elif defined(TLS1_2_VERSION)
+        SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
+# endif
+#endif
     }
 
     return ctx;