SERVER-19221 implement async SSL in NetworkInterfaceASIO

1 files changed, 15 insertions, 0 deletions

diff --git a/src/mongo/executor/network_interface_asio.cpp b/src/mongo/executor/network_interface_asio.cpp
index 3b6acdd6083..9ef278971af 100644
--- a/src/mongo/executor/network_interface_asio.cpp
+++ b/src/mongo/executor/network_interface_asio.cpp
@@ -34,17 +34,32 @@
 
 #include <utility>
 
+#include "mongo/config.h"
 #include "mongo/stdx/chrono.h"
 #include "mongo/stdx/memory.h"
 #include "mongo/util/log.h"
 #include "mongo/util/net/sock.h"
 
+#include "mongo/util/net/ssl_manager.h"
+
 namespace mongo {
 namespace executor {
 
 NetworkInterfaceASIO::NetworkInterfaceASIO()
     : _io_service(), _resolver(_io_service), _state(State::kReady), _isExecutorRunnable(false) {
     _connPool = stdx::make_unique<ConnectionPool>(kMessagingPortKeepOpen);
+
+#ifdef MONGO_CONFIG_SSL
+    if (getSSLManager()) {
+        // We use sslv23, which corresponds to OpenSSLs SSLv23_method, for compatibility with older
+        // versions of OpenSSL. This mirrors the call to SSL_CTX_new in ssl_manager.cpp. In
+        // initAsyncSSLContext we explicitly disable all protocols other than TLSv1, TLSv1.1,
+        // and TLSv1.2.
+        _sslContext.emplace(asio::ssl::context::sslv23);
+        uassertStatusOK(
+            getSSLManager()->initSSLContext(_sslContext->native_handle(), getSSLGlobalParams()));
+    }
+#endif
 }
 
 std::string NetworkInterfaceASIO::getDiagnosticString() {