Posted to commits@qpid.apache.org by pm...@apache.org on 2016/01/05 13:59:10 UTC

svn commit: r1723066 - /qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp

Author: pmoravec
Date: Tue Jan  5 12:59:09 2016
New Revision: 1723066

URL: http://svn.apache.org/viewvc?rev=1723066&view=rev
Log:
QPID-6966: C++ broker and client to support TLS1.1 and TLS1.2 by default

Modified:
    qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp

Modified: qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp?rev=1723066&r1=1723065&r2=1723066&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp Tue Jan  5 12:59:09 2016
@@ -110,12 +110,17 @@ void initNSS(const SslOptions& options,
 
     // disable SSLv2 and SSLv3 versions of the protocol - they are
     // no longer considered secure
-    SSLVersionRange vrange;
+    SSLVersionRange drange, srange; // default and supported ranges
     const uint16_t tlsv1 = 0x0301;  // Protocol version for TLSv1.0
-    NSS_CHECK(SSL_VersionRangeGetDefault(ssl_variant_stream, &vrange));
-    if (vrange.min < tlsv1) {
-        vrange.min = tlsv1;
-        NSS_CHECK(SSL_VersionRangeSetDefault(ssl_variant_stream, &vrange));
+    NSS_CHECK(SSL_VersionRangeGetDefault(ssl_variant_stream, &drange));
+    NSS_CHECK(SSL_VersionRangeGetSupported(ssl_variant_stream, &srange));
+    if (drange.min < tlsv1) {
+        drange.min = tlsv1;
+        NSS_CHECK(SSL_VersionRangeSetDefault(ssl_variant_stream, &drange));
+    }
+    if (srange.max > drange.max) {
+        drange.max = srange.max;
+        NSS_CHECK(SSL_VersionRangeSetDefault(ssl_variant_stream, &drange));
     }
 }
 
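Review bot: The two adjustments to `drange` are committed with separate `SSL_VersionRangeSetDefault` calls, so the first call submits a range whose `min` is already raised to TLS 1.0 while `max` is still the old default. If a library build ever shipped a default maximum below 0x0301, that intermediate range would presumably be rejected before the maximum is raised. Adjust both fields first and set the default once: `if (drange.min < tlsv1) drange.min = tlsv1;`, `if (srange.max > drange.max) drange.max = srange.max;`, then a single `NSS_CHECK(SSL_VersionRangeSetDefault(ssl_variant_stream, &drange));`. The leading comment still only mentions disabling SSLv2/SSLv3; it should also state that the ceiling now follows whatever the linked NSS reports as supported (so the versions offered depend on the NSS build in use) and that TLS 1.0 remains the floor. initNSS begins above the hunk, so any earlier option handling is not visible here.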


