MXS-2811: Set TLS version with MARIADB_OPT_TLS_VERSION

The ssl_version values now also affect the TLS version used by the connector.
2020-03-05 00:23:21 +02:00 · 2020-03-05 00:23:21 +02:00 · 9eceeffc04
commit 9eceeffc04
parent fda12c0cb2
1 changed files with 18 additions and 0 deletions
--- a/server/core/mysql_utils.cc
+++ b/server/core/mysql_utils.cc
@ -47,6 +47,24 @@ MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, cons
        const char* ssl_cert = ssl->cert.empty() ? nullptr : ssl->cert.c_str();
        const char* ssl_ca = ssl->ca.empty() ? nullptr : ssl->ca.c_str();
        mysql_ssl_set(con, ssl_key, ssl_cert, ssl_ca, NULL, NULL);
+
+        switch (ssl->version)
+        {
+        case SERVICE_TLS11:
+            mysql_optionsv(con, MARIADB_OPT_TLS_VERSION, "TLSv1.1,TLSv1.2,TLSv1.3");
+            break;
+
+        case SERVICE_TLS12:
+            mysql_optionsv(con, MARIADB_OPT_TLS_VERSION, "TLSv1.2,TLSv1.3");
+            break;
+
+        case SERVICE_TLS13:
+            mysql_optionsv(con, MARIADB_OPT_TLS_VERSION, "TLSv1.3");
+            break;
+
+        default:
+            break;
+        }
    }

    char yes = 1;