Removed SSLv2 methods from serviceInitSSL because OpenSSL 1.1.0 does not support them.

2015-06-17 10:20:00 +03:00 · 2015-06-17 10:20:00 +03:00 · 425dd8cb3b
commit 425dd8cb3b
parent f0aed1f666
4 changed files with 4 additions and 11 deletions
--- a/Documentation/Getting-Started/Configuration-Guide.md
+++ b/Documentation/Getting-Started/Configuration-Guide.md
@ -349,7 +349,6 @@ This is the Certificate Authority file. It will be used to verify that both the
 ### `ssl_version`

 This parameter controls the level of encryption used. Accepted values are:
- * SSLv2
 * SSLv3
 * TLSv10
 * TLSv11
--- a/Documentation/Reference/MaxScale-and-SSL.md
+++ b/Documentation/Reference/MaxScale-and-SSL.md
@ -11,5 +11,5 @@ ssl         | disabled, enabled, required |`disable` disables SSL, `enabled` ena
 ssl_cert    | path to file              |Path to server certificate
 ssl_key     | path to file              |Path to server private key
 ssl_ca_cert | path to file              |Path to Certificate Authority file
-ssl_version|SSLV2,SSLV3,TLSV10,TLSV11,TLSV12,MAX| The SSL method level,  defaults to highest available encryption level which is TLSv1.2
+ssl_version|SSLV3,TLSV10,TLSV11,TLSV12,MAX| The SSL method level,  defaults to highest available encryption level which is TLSv1.2
 ssl_cert_verify_depth|integer|Certificate authority certificate verification depth, default is 100.
--- a/server/core/service.c
+++ b/server/core/service.c
@ -909,9 +909,7 @@ serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert)
 int
 serviceSetSSLVersion(SERVICE *service, char* version)
 {
-    if(strcasecmp(version,"SSLV2") == 0)
-	service->ssl_method_type = SERVICE_SSLV2;
-    else if(strcasecmp(version,"SSLV3") == 0)
+    if(strcasecmp(version,"SSLV3") == 0)
 	service->ssl_method_type = SERVICE_SSLV3;
    else if(strcasecmp(version,"TLSV10") == 0)
 	service->ssl_method_type = SERVICE_TLS10;
@ -1952,9 +1950,6 @@ int serviceInitSSL(SERVICE* service)
    {
 	switch(service->ssl_method_type)
 	{
-	case SERVICE_SSLV2:
-	    service->method = (SSL_METHOD*)SSLv2_server_method();
-	    break;
 	case SERVICE_SSLV3:
 	    service->method = (SSL_METHOD*)SSLv3_server_method();
 	    break;
--- a/server/include/service.h
+++ b/server/include/service.h
@ -115,7 +115,6 @@ typedef enum {
 } ssl_mode_t;

 enum{
-  SERVICE_SSLV2,
  SERVICE_SSLV3,
  SERVICE_TLS10,
  SERVICE_TLS11,
@ -175,10 +174,10 @@ typedef struct service {
 	char		*weightby;
 	struct service	*next;			/**< The next service in the linked list */
        SSL_CTX         *ctx;
-        SSL_METHOD      *method;                           /*<  SSLv2/3 or TLSv1/2 methods
+        SSL_METHOD      *method;                           /*<  SSLv3 or TLS1.0/1.1/1.2 methods
                                                           * see: https://www.openssl.org/docs/ssl/SSL_CTX_new.html */
        int ssl_cert_verify_depth; /*< SSL certificate verification depth */
-        int ssl_method_type; /*< Which of the SSLv2/3 or TLS1.0/1.1/1.2 methods to use */
+        int ssl_method_type; /*< Which of the SSLv3 or TLS1.0/1.1/1.2 methods to use */
        char* ssl_cert; /*< SSL certificate */
        char* ssl_key; /*< SSL private key */
        char* ssl_ca_cert; /*< SSL CA certificate */