From ca197cdc0d3c007911bacb0798ea28e76f502a82 Mon Sep 17 00:00:00 2001
From: Dominik Charousset
Date: Thu, 30 May 2024 16:02:48 +0200
Subject: [PATCH] Enforce TLS version 1.2 as minimum when using SSL
---
 libbroker/broker/internal/connector.cc | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/libbroker/broker/internal/connector.cc b/libbroker/broker/internal/connector.cc
index 7ef5db82..7717bc26 100644
--- a/libbroker/broker/internal/connector.cc
+++ b/libbroker/broker/internal/connector.cc
@@ -261,6 +261,8 @@ ssl_context_from_cfg(const openssl_options_ptr& cfg) {
 if (SSL_CTX_set_cipher_list(ctx.get(), cipher) != 1)
 throw ssl_error("failed to set anonymous cipher");
 }
+ // Prohibit outdated and insecure protocols.
+ SSL_CTX_set_min_proto_version(ctx.get(), TLS1_2_VERSION);
 return ctx;
 }
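Review bot: The result of the added `SSL_CTX_set_min_proto_version(ctx.get(), TLS1_2_VERSION);` call is discarded, so if OpenSSL rejects the setting the function still returns a context that may negotiate older protocol versions, which is the fail-open case this commit is meant to rule out. The call returns 1 on success and 0 on failure, and the `SSL_CTX_set_cipher_list` call just above it in the same hunk already checks for `!= 1` and throws. I would treat the version floor the same way: `if (SSL_CTX_set_min_proto_version(ctx.get(), TLS1_2_VERSION) != 1)` followed by `throw ssl_error("failed to set minimum TLS version");`. The body of `ssl_context_from_cfg` starts above the hunk, so I cannot tell whether an earlier branch returns or configures the context differently; the check should apply on every path that reaches `return ctx;`.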