Attachment #227283 for bug #257912

View | Details | Raw Unified | Return to bug 257912
Collapse All | Expand All




#include <openssl/tls1.h>
#include <openssl/x509v3.h>
#ifndef OPENSSL_IS_BORINGSSL
#include <openssl/dtls1.h>
#include <openssl/ssl.h>
#ifdef LIBRESSL_VERSION_NUMBER
#include <openssl/ssl3.h>
#endif
#include <openssl/dtls1.h>
#endif

#include <memory>

  if (ssl_mode_ == SSL_MODE_DTLS) {
    if (ssl_version == DTLS1_VERSION) {
      return SSL_PROTOCOL_DTLS_10;
#ifndef LIBRESSL_VERSION_NUMBER
    } else if (ssl_version == DTLS1_2_VERSION) {
      return SSL_PROTOCOL_DTLS_12;
#endif
    }
  } else {
    if (ssl_version == TLS1_VERSION) {

      case SSL_PROTOCOL_TLS_12:
      default:
        SSL_CTX_set_max_proto_version(
#ifdef LIBRESSL_VERSION_NUMBER
            ctx, TLS1_2_VERSION);
#else
            ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);
#endif
        break;
    }
  } else {
    // TODO(https://bugs.webrtc.org/10261): Make this the default in M84.
    SSL_CTX_set_min_proto_version(
#ifdef LIBRESSL_VERSION_NUMBER
        ctx, TLS1_2_VERSION);
#else
        ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);
#endif
    SSL_CTX_set_max_proto_version(
#ifdef LIBRESSL_VERSION_NUMBER
        ctx, TLS1_2_VERSION);
#else
        ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);
#endif
  }

#ifdef OPENSSL_IS_BORINGSSL

Return to bug 257912

Lines 17-24 Link Here

(-)src/rtc_base/openssl_stream_adapter.cc (-1 / +18 lines)
17	#include <openssl/tls1.h>	17	#include <openssl/tls1.h>
18	#include <openssl/x509v3.h>	18	#include <openssl/x509v3.h>
19	#ifndef OPENSSL_IS_BORINGSSL	19	#ifndef OPENSSL_IS_BORINGSSL
20	#include <openssl/dtls1.h>
21	#include <openssl/ssl.h>	20	#include <openssl/ssl.h>
		21	#ifdef LIBRESSL_VERSION_NUMBER
		22	#include <openssl/ssl3.h>
		23	#endif
		24	#include <openssl/dtls1.h>
22	#endif	25	#endif
23		26
24	#include <memory>	27	#include <memory>
Lines 392-399 SSLProtocolVersion OpenSSLStreamAdapter::GetSslVersion() const { Link Here
392	if (ssl_mode_ == SSL_MODE_DTLS) {	395	if (ssl_mode_ == SSL_MODE_DTLS) {
393	if (ssl_version == DTLS1_VERSION) {	396	if (ssl_version == DTLS1_VERSION) {
394	return SSL_PROTOCOL_DTLS_10;	397	return SSL_PROTOCOL_DTLS_10;
		398	#ifndef LIBRESSL_VERSION_NUMBER
395	} else if (ssl_version == DTLS1_2_VERSION) {	399	} else if (ssl_version == DTLS1_2_VERSION) {
396	return SSL_PROTOCOL_DTLS_12;	400	return SSL_PROTOCOL_DTLS_12;
		401	#endif
397	}	402	}
398	} else {	403	} else {
399	if (ssl_version == TLS1_VERSION) {	404	if (ssl_version == TLS1_VERSION) {
Lines 985-999 SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() { Link Here
985	case SSL_PROTOCOL_TLS_12:	990	case SSL_PROTOCOL_TLS_12:
986	default:	991	default:
987	SSL_CTX_set_max_proto_version(	992	SSL_CTX_set_max_proto_version(
		993	#ifdef LIBRESSL_VERSION_NUMBER
		994	ctx, TLS1_2_VERSION);
		995	#else
988	ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);	996	ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);
		997	#endif
989	break;	998	break;
990	}	999	}
991	} else {	1000	} else {
992	// TODO(https://bugs.webrtc.org/10261): Make this the default in M84.	1001	// TODO(https://bugs.webrtc.org/10261): Make this the default in M84.
993	SSL_CTX_set_min_proto_version(	1002	SSL_CTX_set_min_proto_version(
		1003	#ifdef LIBRESSL_VERSION_NUMBER
		1004	ctx, TLS1_2_VERSION);
		1005	#else
994	ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);	1006	ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);
		1007	#endif
995	SSL_CTX_set_max_proto_version(	1008	SSL_CTX_set_max_proto_version(
		1009	#ifdef LIBRESSL_VERSION_NUMBER
		1010	ctx, TLS1_2_VERSION);
		1011	#else
996	ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);	1012	ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);
		1013	#endif
997	}	1014	}
998		1015
999	#ifdef OPENSSL_IS_BORINGSSL	1016	#ifdef OPENSSL_IS_BORINGSSL