diff options
-rw-r--r-- | src/mongo/util/net/ssl_options.cpp | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/src/mongo/util/net/ssl_options.cpp b/src/mongo/util/net/ssl_options.cpp index ebf0bd79794..b9785d1b83f 100644 --- a/src/mongo/util/net/ssl_options.cpp +++ b/src/mongo/util/net/ssl_options.cpp @@ -267,24 +267,25 @@ Status storeDisabledProtocols(const std::string& disabledProtocols, // Map the tokens to their enum values, and push them onto the list of disabled protocols. for (const std::string& token : tokens) { auto mappedToken = validConfigs.find(token); - - if ((mappedToken == validConfigs.end()) && - (mode == DisabledProtocolsMode::kAcceptNegativePrefix)) { - // We allow "noTLS1_0" style on the server for backward compatibility. - mappedToken = validNoConfigs.find(token); - } - if (mappedToken != validConfigs.end()) { sslGlobalParams.sslDisabledProtocols.push_back(mappedToken->second); - } else { - return Status(ErrorCodes::BadValue, "Unrecognized disabledProtocols '" + token + "'"); + continue; } + + if (mode == DisabledProtocolsMode::kAcceptNegativePrefix) { + auto mappedNoToken = validNoConfigs.find(token); + if (mappedNoToken != validNoConfigs.end()) { + sslGlobalParams.sslDisabledProtocols.push_back(mappedNoToken->second); + continue; + } + } + + return Status(ErrorCodes::BadValue, "Unrecognized disabledProtocols '" + token + "'"); } return Status::OK(); } - Status storeSSLServerOptions(const moe::Environment& params) { if (params.count("net.ssl.mode")) { std::string sslModeParam = params["net.ssl.mode"].as<string>(); |