Merge pull request #1427 from KamilSoko/disable_TLSv13_support

Added support for disabling/forcing TLSv1.3
author: Johnny Willemsen <jwillemsen@remedy.nl> 2021-01-26 15:26:34 +0100
committer: GitHub <noreply@github.com> 2021-01-26 15:26:34 +0100
commit: be2df3244a3cfb5070fa8b5f93c90d9e81d6edf1 (patch)
tree: d5a54c1ef52d7128b6fea252f378f9c6162928c4
parent: d7e14aeba6630cb8bf61d5e6f8208572a092dcc2 (diff)
parent: de06b15490fe52f0bd712ab5dbe2ab7879c81382 (diff)
download: ATCD-be2df3244a3cfb5070fa8b5f93c90d9e81d6edf1.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/ACE/ace/SSL/SSL_Context.cpp b/ACE/ace/SSL/SSL_Context.cpp
index badc7239546..3fff8fa365e 100644
--- a/ACE/ace/SSL/SSL_Context.cpp
+++ b/ACE/ace/SSL/SSL_Context.cpp
@@ -349,6 +349,17 @@ ACE_SSL_Context::filter_versions (const char* versionlist)
       ::SSL_CTX_set_options (this->context_, SSL_OP_NO_TLSv1_2);
     }
 #endif /* SSL_OP_NO_TLSv1_2 */
+
+#if defined (SSL_OP_NO_TLSv1_3)
+  pos = vlist.find("tlsv1.3");
+  match = pos != ACE_CString::npos &&
+    (pos == vlist.length() - 7 ||
+      seplist.find(vlist[pos + 7]) != ACE_CString::npos);
+  if (!match)
+    {
+      ::SSL_CTX_set_options(this->context_, SSL_OP_NO_TLSv1_3);
+    }
+#endif /* SSL_OP_NO_TLSv1_3 */
   return 0;
 }
author	Johnny Willemsen <jwillemsen@remedy.nl>	2021-01-26 15:26:34 +0100
committer	GitHub <noreply@github.com>	2021-01-26 15:26:34 +0100
commit	be2df3244a3cfb5070fa8b5f93c90d9e81d6edf1 (patch)
tree	d5a54c1ef52d7128b6fea252f378f9c6162928c4
parent	d7e14aeba6630cb8bf61d5e6f8208572a092dcc2 (diff)
parent	de06b15490fe52f0bd712ab5dbe2ab7879c81382 (diff)
download	ATCD-be2df3244a3cfb5070fa8b5f93c90d9e81d6edf1.tar.gz