SERVER-17591: Allow TLS protocols to be disabled

1 files changed, 10 insertions, 1 deletions

diff --git a/src/mongo/util/net/ssl_options.h b/src/mongo/util/net/ssl_options.h
index d2f2a79bc9a..d348e004b4e 100644
--- a/src/mongo/util/net/ssl_options.h
+++ b/src/mongo/util/net/ssl_options.h
@@ -27,9 +27,12 @@
 
 #pragma once
 
-#include "mongo/base/status.h"
 #include "mongo/util/net/ssl_manager.h"
 
+#include <vector>
+
+#include "mongo/base/status.h"
+
 namespace mongo {
 
     namespace optionenvironment {
@@ -40,6 +43,11 @@ namespace mongo {
     namespace moe = mongo::optionenvironment;
 
     struct SSLParams {
+        enum class Protocols {
+            TLS1_0,
+            TLS1_1,
+            TLS1_2
+        };
         AtomicInt32 sslMode;        // --sslMode - the SSL operation mode, see enum SSLModes
         bool sslOnNormalPorts;      // --sslOnNormalPorts (deprecated)
         std::string sslPEMKeyFile;       // --sslPEMKeyFile
@@ -49,6 +57,7 @@ namespace mongo {
         std::string sslCAFile;      // --sslCAFile
         std::string sslCRLFile;     // --sslCRLFile
         std::string sslCipherConfig; // --sslCipherConfig
+        std::vector<Protocols> sslDisabledProtocols; // --sslDisabledProtocols
         bool sslWeakCertificateValidation; // --sslWeakCertificateValidation
         bool sslFIPSMode; // --sslFIPSMode
         bool sslAllowInvalidCertificates; // --sslAllowInvalidCertificates