MXS-2861: Add ssl_cipher to servers and listeners

This allows the set of TLSv1.2 ciphers to be selected which is required to fulfill certain regulatory requirements.
2020-04-08 08:32:01 +03:00
parent 1ff112ca38
commit 83b03d89b5
5 changed files with 34 additions and 6 deletions
--- a/include/maxscale/config.hh
+++ b/include/maxscale/config.hh
@ -196,6 +196,7 @@ extern const char CN_SKIP_PERMISSION_CHECKS[];
 extern const char CN_SOCKET[];
 extern const char CN_SSL_CA_CERT[];
 extern const char CN_SSL_CERT_VERIFY_DEPTH[];
+extern const char CN_SSL_CIPHER[];
 extern const char CN_SSL_CERT[];
 extern const char CN_SSL_KEY[];
 extern const char CN_SSL_VERIFY_PEER_CERTIFICATE[];
--- a/include/maxscale/ssl.hh
+++ b/include/maxscale/ssl.hh
@ -77,12 +77,13 @@ struct SSLConfig
    // Convert to human readable string representation
    std::string to_string() const;

-    std::string       key;                              /**< SSL private key */
-    std::string       cert;                             /**< SSL certificate */
-    std::string       ca;                               /**< SSL CA certificate */
-    ssl_method_type_t version = SERVICE_SSL_TLS_MAX;    /**< Which TLS version to use */
-    int               verify_depth = 9;                 /**< SSL certificate verification depth */
-    bool              verify_peer = true;               /**< Enable peer certificate verification */
+    std::string       key;                          /**< SSL private key */
+    std::string       cert;                         /**< SSL certificate */
+    std::string       ca;                           /**< SSL CA certificate */
+    ssl_method_type_t version = SERVICE_SSL_TLS_MAX;/**< Which TLS version to use */
+    int               verify_depth = 9;             /**< SSL certificate verification depth */
+    bool              verify_peer = true;           /**< Enable peer certificate verification */
+    std::string       cipher;                       /**< Selected TLS cipher */
 };

 /**