From 9eceeffc0445d8f4459a1572a305901f1925c3c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= <markus.makela@mariadb.com>
Date: Thu, 5 Mar 2020 00:23:21 +0200
Subject: [PATCH] MXS-2811: Set TLS version with MARIADB_OPT_TLS_VERSION

The ssl_version values now also affect the TLS version used by the
connector.
---
 server/core/mysql_utils.cc | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/server/core/mysql_utils.cc b/server/core/mysql_utils.cc
index ae263b9f8..64908d964 100644
--- a/server/core/mysql_utils.cc
+++ b/server/core/mysql_utils.cc
@@ -47,6 +47,24 @@ MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, cons
         const char* ssl_cert = ssl->cert.empty() ? nullptr : ssl->cert.c_str();
         const char* ssl_ca = ssl->ca.empty() ? nullptr : ssl->ca.c_str();
         mysql_ssl_set(con, ssl_key, ssl_cert, ssl_ca, NULL, NULL);
+
+        switch (ssl->version)
+        {
+        case SERVICE_TLS11:
+            mysql_optionsv(con, MARIADB_OPT_TLS_VERSION, "TLSv1.1,TLSv1.2,TLSv1.3");
+            break;
+
+        case SERVICE_TLS12:
+            mysql_optionsv(con, MARIADB_OPT_TLS_VERSION, "TLSv1.2,TLSv1.3");
+            break;
+
+        case SERVICE_TLS13:
+            mysql_optionsv(con, MARIADB_OPT_TLS_VERSION, "TLSv1.3");
+            break;
+
+        default:
+            break;
+        }
     }
 
     char yes = 1;