
Commit ee21516

authored
Merge pull request #478 from datastax/usetls1.2
Limit to TLS 1.2 (and below)
2 parents e010b6a + 061cecd commit ee21516


1 file changed

+5
-3
lines changed

1 file changed

+5
-3
lines changed

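--- a/src/ssl/ssl_openssl_impl.cpp
+++ b/src/ssl/ssl_openssl_impl.cpp
@@ -436,9 +436,6 @@ OpenSslSession::OpenSslSession(const Address& address, const String& hostname,
 , incoming_bio_(rb::RingBufferBio::create(&incoming_state_))
 , outgoing_bio_(rb::RingBufferBio::create(&outgoing_state_)) {
 SSL_set_bio(ssl_, incoming_bio_, outgoing_bio_);
-#if DEBUG_SSL
-SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
-#endif
 SSL_set_connect_state(ssl_);
 
 if (!sni_server_name_.empty()) {
@@ -542,6 +539,11 @@ OpenSslContext::OpenSslContext()
 , trusted_store_(X509_STORE_new()) {
 SSL_CTX_set_cert_store(ssl_ctx_, trusted_store_);
 SSL_CTX_set_verify(ssl_ctx_, SSL_VERIFY_NONE, ssl_no_verify_callback);
+// Limit to TLS 1.2 for now. TLS 1.3 has broken the handshake code.
+SSL_CTX_set_max_proto_version(ssl_ctx_, TLS1_2_VERSION);
+#if DEBUG_SSL
+SSL_CTX_set_info_callback(ssl_ctx_, ssl_info_callback);
+#endif
 }
 
 OpenSslContext::~OpenSslContext() { SSL_CTX_free(ssl_ctx_); }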
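Review bot: `SSL_CTX_set_max_proto_version(ssl_ctx_, TLS1_2_VERSION)` in the OpenSslContext constructor only caps the ceiling; nothing in this hunk sets a floor, so depending on how the linked OpenSSL was built the context can still negotiate TLS 1.0/1.1 (the title's "and below" acknowledges this). If older servers are not a requirement, pin the floor on the next line with `SSL_CTX_set_min_proto_version(ssl_ctx_, TLS1_2_VERSION);`; if they are, the comment should at least state the accepted range so the downgrade surface is a documented decision rather than an accident. `SSL_CTX_set_max_proto_version` first appeared in OpenSSL 1.1.0, so if this driver still builds against 1.0.2 the call needs an `OPENSSL_VERSION_NUMBER` guard (I cannot tell the supported OpenSSL range from this hunk), and its `int` return is ignored here. The "for now" comment would be easier to retire with a tracking reference, e.g. `// TODO(<ticket>): drop this cap once the TLS 1.3 handshake path is fixed.`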
