  1. Thrift
  2. THRIFT-2258

Add TLS v1.1/1.2 support to TSSLSocket.cpp


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.9.1
    • Fix Version/s: 0.9.2
    • Component/s: C++ - Library

      Description

      At the moment TSSLSocket.cpp hard-codes the SSL/TLS protocol to TLSv1.0, which does not allow any other protocol to be used instead (SSL v3, TLS v1.0, v1.1, v1.2; SSLv2 is ignored as horribly insecure).

      Could a method be provided on the TSSLSocketFactory to set the required protocol (like how there is already a cipher() function available), so that when SSL_CTX_new is called, it is called with the specified SSL/TLS protocol?

      Sorry to label this as a bug, but being unable to select the highest available security protocol for communication is a bug in my eyes.

        Attachments

        1. thrift-2258.patch (7 kB, Chris Stylianou)
        2. updated-thrift-2258.patch (3 kB, Chris Stylianou)

              People

              • Assignee: Chris Stylianou (chris5287)
              • Reporter: Chris Stylianou (chris5287)
              • Votes: 1
              • Watchers: 5
