From 6b091fafd9c3b0197325b3ef751dbdb317048e2b Mon Sep 17 00:00:00 2001
From: thiagoftsm <thiagoftsm@gmail.com>
Date: Tue, 26 May 2020 17:05:56 +0000
Subject: OpenTSDB and TLS (#9068)

Brings TLS to OpenTSDB connector and InfluxDB
---
 libnetdata/socket/security.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

(limited to 'libnetdata')

diff --git a/libnetdata/socket/security.c b/libnetdata/socket/security.c
index 486a2f711b..de945e69fe 100644
--- a/libnetdata/socket/security.c
+++ b/libnetdata/socket/security.c
@@ -66,12 +66,16 @@ int tls_select_version(const char *lversion) {
         return TLS1_1_VERSION;
     else if (!strcmp(lversion, "1.2"))
         return TLS1_2_VERSION;
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_111
+#if defined(TLS1_3_VERSION)
     else if (!strcmp(lversion, "1.3"))
         return TLS1_3_VERSION;
 #endif
 
+#if defined(TLS_MAX_VERSION)
     return TLS_MAX_VERSION;
+#else
+    return TLS1_2_VERSION;
+#endif
 }
 #endif
 
@@ -120,7 +124,18 @@ SSL_CTX * security_initialize_openssl_client() {
     ctx = SSL_CTX_new(TLS_client_method());
 #endif
     if(ctx) {
-        security_openssl_common_options(ctx, 1);
+#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110
+        SSL_CTX_set_options (ctx,SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
+#else
+        SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
+# if defined(TLS_MAX_VERSION)
+        SSL_CTX_set_max_proto_version(ctx, TLS_MAX_VERSION);
+# elif defined(TLS1_3_VERSION)
+        SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
+# elif defined(TLS1_2_VERSION)
+        SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
+# endif
+#endif
     }
 
     return ctx;
-- 
cgit v1.2.3