Added support for disabling/forcing TLSv1.3

author: Kamil Sokolowski <Kamil.Sokolowski@motorolasolutions.com> 2021-01-26 13:39:26 +0100
committer: Kamil Sokolowski <Kamil.Sokolowski@motorolasolutions.com> 2021-01-26 13:39:26 +0100
commit: c8da16d9e0323a261204a438844099da5680f64d (patch)
tree: e13da2e0bc8f6be6e75d2712dd054a8662f6865e
parent: d7e14aeba6630cb8bf61d5e6f8208572a092dcc2 (diff)
download: ATCD-c8da16d9e0323a261204a438844099da5680f64d.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/ACE/ace/SSL/SSL_Context.cpp b/ACE/ace/SSL/SSL_Context.cpp
index badc7239546..b6bd64befbd 100644
--- a/ACE/ace/SSL/SSL_Context.cpp
+++ b/ACE/ace/SSL/SSL_Context.cpp
@@ -349,6 +349,17 @@ ACE_SSL_Context::filter_versions (const char* versionlist)
       ::SSL_CTX_set_options (this->context_, SSL_OP_NO_TLSv1_2);
     }
 #endif /* SSL_OP_NO_TLSv1_2 */
+
+#if defined (SSL_OP_NO_TLSv1_3)
+  pos = vlist.find("tlsv1.3");
+  match = pos != ACE_CString::npos &&
+      (pos == vlist.length() - 7 ||
+          seplist.find(vlist[pos + 7]) != ACE_CString::npos);
+  if (!match)
+  {
+      ::SSL_CTX_set_options(this->context_, SSL_OP_NO_TLSv1_3);
+  }
+#endif /* SSL_OP_NO_TLSv1_3 */
   return 0;
 }
author	Kamil Sokolowski <Kamil.Sokolowski@motorolasolutions.com>	2021-01-26 13:39:26 +0100
committer	Kamil Sokolowski <Kamil.Sokolowski@motorolasolutions.com>	2021-01-26 13:39:26 +0100
commit	c8da16d9e0323a261204a438844099da5680f64d (patch)
tree	e13da2e0bc8f6be6e75d2712dd054a8662f6865e
parent	d7e14aeba6630cb8bf61d5e6f8208572a092dcc2 (diff)
download	ATCD-c8da16d9e0323a261204a438844099da5680f64d.tar.gz