Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-2258

Add TLS v1.1/1.2 support to TSSLSocket.cpp

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.9.1
    • 0.9.2
    • C++ - Library

    Description

      At the moment TSSLSocket.cpp hard-codes the SSL/TLS protocol to TLSv1.0, which does not allow any other protocols to be used instead (SSL v3, TLS v1.0, v1.1, v1.2, ignores SSLv2 as horribly insecure).

      Could a method be provided on the TSSLSocketFactory to set the required protocol (like how there is already a cipher() function available), so that when SSL_CTX_new, it is called with the specified SSL/TLS protocol.

      Sorry to label this as a bug, but being unable to select the highest availabe security protocol for communication is a bug in my eyes.

      Attachments

        1. updated-thrift-2258.patch
          3 kB
          Chris Stylianou
        2. thrift-2258.patch
          7 kB
          Chris Stylianou

        Issue Links

          is related to

          Sub-task - The sub-task of the issue THRIFT-2325 SSL test certificates

          • Major - Major loss of function.
          • Closed

          Activity

            People

              chris5287 Chris Stylianou
              chris5287 Chris Stylianou
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: