hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-2861: Add ssl_cipher to servers and listeners

Browse Source 
This allows the set of TLSv1.2 ciphers to be selected which is required to
fulfill certain regulatory requirements.
This commit is contained in:
Markus Mäkelä
2020-04-08 08:32:01 +03:00
parent 1ff112ca38
commit 83b03d89b5
5 changed files with 34 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
server/core/ssl.cc
View File

@ -201,6 +201,7 @@ SSLConfig::SSLConfig(const MXS_CONFIG_PARAMETER& params)
, version((ssl_method_type_t)params.get_enum(CN_SSL_VERSION, ssl_version_values))
, verify_depth(params.get_integer(CN_SSL_CERT_VERIFY_DEPTH))
, verify_peer(params.get_bool(CN_SSL_VERIFY_PEER_CERTIFICATE))
, cipher(params.get_string(CN_SSL_CIPHER))
{
}
@ -384,6 +385,15 @@ bool SSLContext::init()
/* Set the verification depth */
SSL_CTX_set_verify_depth(m_ctx, m_cfg.verify_depth);
if (!m_cfg.cipher.empty())
{
if (SSL_CTX_set_cipher_list(m_ctx, m_cfg.cipher.c_str()) == 0)
{
MXS_ERROR("Could not set cipher list '%s': %s", m_cfg.cipher.c_str(), get_ssl_errors());
return false;
}
}
return true;
}