Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Explicit set minimum version to TLS1 when using BoringSSL #902

Merged
merged 1 commit into from
Nov 1, 2024
Merged

Explicit set minimum version to TLS1 when using BoringSSL #902

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions openssl-dynamic/src/main/c/sslcontext.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,6 +193,11 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jint protocol, jint mod
// See https://github.com/google/boringssl/blob/chromium-stable/PORTING.md#crypto_buffer
ctx = SSL_CTX_new(TLS_with_buffers_method());

// We need to set the minimum TLS version to TLS1 to be able to enable it explicitly later. By default
// TLS1_2_VERSION is the minimum with BoringSSL these days:
// See https://github.com/google/boringssl/commit/e95b0cad901abd49755d2a2a2f1f6c3e87d12b94
SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);

// Needed in BoringSSL to be able to use TLSv1.3
//
// See http://hg.nginx.org/nginx/rev/7ad0f4ace359
Expand Down
Loading