  1. Thrift
  2. THRIFT-2258

Add TLS v1.1/1.2 support to TSSLSocket.cpp


Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.9.1
    • Fix Version/s: 0.9.2
    • Component/s: C++ - Library

    Description

      At the moment TSSLSocket.cpp hard-codes the SSL/TLS protocol to TLSv1.0, which does not allow any other protocols to be used instead (SSL v3, TLS v1.0, v1.1, v1.2, ignores SSLv2 as horribly insecure).

      Could a method be provided on the TSSLSocketFactory to set the required protocol (like how there is already a cipher() function available), so that when SSL_CTX_new is called, it is called with the specified SSL/TLS protocol?

      Sorry to label this as a bug, but being unable to select the highest available security protocol for communication is a bug in my eyes.

      Attachments

        1. updated-thrift-2258.patch
          3 kB
          Chris Stylianou
        2. thrift-2258.patch
          7 kB
          Chris Stylianou


          People

            chris5287 Chris Stylianou
            chris5287 Chris Stylianou
            Votes: 1
            Watchers: 5
