From cb8f837a3d0d16bdbfc9c545d32527ad28b0d841 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <sergii@pisem.net>
Date: Tue, 18 Nov 2014 17:57:06 +0100
Subject: MDEV-6975 Implement TLS protocol

change SSL methods to be SSLv23 (according to openssl manpage:
"A TLS/SSL connection established with these methods may understand
the SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols") from
TLSv1 methods, that go back to the initial SSL implementation
in MySQL in 2001.

OpenSSL default ciphers are different if TLSv1.2 is enabled,
so tests need to take this into account.
---
 vio/viosslfactories.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'vio')

diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 3fde307e4dd..c64bba338a4 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -190,8 +190,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
     DBUG_RETURN(0);
 
   if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client_method ? 
-                                         TLSv1_client_method() :
-                                         TLSv1_server_method())))
+                                         SSLv23_client_method() :
+                                         SSLv23_server_method())))
   {
     *error= SSL_INITERR_MEMFAIL;
     DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
-- 
cgit v1.2.1