#7609 closed Patches (fixed)
Add support for TLS 1.1 and TLS 1.2 to boost::asio::ssl
| Reported by: | Owned by: | chris_kohlhoff | |
|---|---|---|---|
| Milestone: | To Be Determined | Component: | asio |
| Version: | Boost Development Trunk | Severity: | Optimization |
| Keywords: | SSL, TLS | Cc: |
Description
boost::asio::ssl is based on OpenSSL library. Boost allow to create ssl::stream that will be using SSL or TLS 1.0, but OpenSSL supports also TLS 1.1 and TLS 1.2 and all that is missing from asio::ssl are several constants. Here is a simple patch that enabled TLS 1.1 and 1.2 client and server modes.
+++ asio/ssl/context_base.hpp 2012-10-30 18:29:03.892959799 +0200
@@ -57,9 +58,21 @@ public:
/// TLS version 1 client.
tlsv1_client,
+ /// TLS version 1.1 client.
+ tlsv1_1_client,
+
+ /// TLS version 1.2 client.
+ tlsv1_2_client,
+
/// TLS version 1 server.
tlsv1_server,
+ /// TLS version 1.1 server.
+ tlsv1_1_server,
+
+ /// TLS version 1.2 server.
+ tlsv1_2_server,
+
/// Generic SSL/TLS.
sslv23,
+++ asio/ssl/impl/context.ipp 2012-10-30 18:03:44.036986053 +0200
@@ -72,9 +72,21 @@ context::context(context::method m)
case context::tlsv1_client:
handle_ = ::SSL_CTX_new(::TLSv1_client_method());
break;
+ case context::tlsv1_1_client:
+ handle_ = ::SSL_CTX_new(::TLSv1_1_client_method());
+ break;
+ case context::tlsv1_2_client:
+ handle_ = ::SSL_CTX_new(::TLSv1_2_client_method());
+ break;
case context::tlsv1_server:
handle_ = ::SSL_CTX_new(::TLSv1_server_method());
break;
+ case context::tlsv1_1_server:
+ handle_ = ::SSL_CTX_new(::TLSv1_1_server_method());
+ break;
+ case context::tlsv1_2_server:
+ handle_ = ::SSL_CTX_new(::TLSv1_2_server_method());
+ break;
case context::sslv23:
handle_ = ::SSL_CTX_new(::SSLv23_method());
break;
@@ -475,6 +487,36 @@ int context::verify_callback_function(in
return 0;
}
+++ asio/ssl/old/detail/openssl_context_service.hpp 2012-10-30 18:20:34.328968995 +0200
@@ -100,9 +101,21 @@ public:
case context_base::tlsv1_client:
impl = ::SSL_CTX_new(::TLSv1_client_method());
break;
+ case context_base::tlsv1_1_client:
+ impl = ::SSL_CTX_new(::TLSv1_1_client_method());
+ break;
+ case context_base::tlsv1_2_client:
+ impl = ::SSL_CTX_new(::TLSv1_2_client_method());
+ break;
case context_base::tlsv1_server:
impl = ::SSL_CTX_new(::TLSv1_server_method());
break;
+ case context_base::tlsv1_1_server:
+ impl = ::SSL_CTX_new(::TLSv1_1_server_method());
+ break;
+ case context_base::tlsv1_2_server:
+ impl = ::SSL_CTX_new(::TLSv1_2_server_method());
+ break;
case context_base::sslv23:
impl = ::SSL_CTX_new(::SSLv23_method());
break;
Change History (2)
comment:1 by , 9 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:2 by , 9 years ago
Using tlsv1_2_server will work with SSL clients ? Is it similar to 'sslv23' which understands SSLv2, SSLv3 and TLSv1 ?
Note:
See TracTickets
for help on using tickets.
Fixed on trunk in [84320].
Merged to release in [84388].