Opened 10 years ago

Closed 9 years ago

Last modified 9 years ago

#7609 closed Patches (fixed)

Add support for TLS 1.1 and TLS 1.2 to boost::asio::ssl

Reported by: Roman Bovsunovskiy <a2k0001@…>
Owned by: chris_kohlhoff
Milestone: To Be Determined
Component: asio
Version: Boost Development Trunk
Severity: Optimization
Keywords: SSL, TLS
Cc:

Description

boost::asio::ssl is based on the OpenSSL library. Boost allows creating an ssl::stream that uses SSL or TLS 1.0, but OpenSSL also supports TLS 1.1 and TLS 1.2, and all that is missing from asio::ssl are several constants. Here is a simple patch that enables TLS 1.1 and 1.2 client and server modes.

+++ asio/ssl/context_base.hpp	2012-10-30 18:29:03.892959799 +0200
@@ -57,9 +58,21 @@ public:
     /// TLS version 1 client.
     tlsv1_client,

+    /// TLS version 1.1 client.
+    tlsv1_1_client,
+
+    /// TLS version 1.2 client.
+    tlsv1_2_client,
+
     /// TLS version 1 server.
     tlsv1_server,

+    /// TLS version 1.1 server.
+    tlsv1_1_server,
+
+    /// TLS version 1.2 server.
+    tlsv1_2_server,
+
     /// Generic SSL/TLS.
     sslv23,
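
Review bot: the four new enumerators are inserted in the middle of the enum, ahead of tlsv1_server and sslv23, so every enumerator from tlsv1_server onward changes its numeric value. Separately compiled code built against the old header would then select a different method for the same integer; appending tlsv1_1_client, tlsv1_2_client, tlsv1_1_server and tlsv1_2_server at the end of the enum avoids that. The doc comments should also state that these values need OpenSSL 1.0.1 or later.
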
+++ asio/ssl/impl/context.ipp	2012-10-30 18:03:44.036986053 +0200
@@ -72,9 +72,21 @@ context::context(context::method m)
   case context::tlsv1_client:
     handle_ = ::SSL_CTX_new(::TLSv1_client_method());
     break;
+  case context::tlsv1_1_client:
+    handle_ = ::SSL_CTX_new(::TLSv1_1_client_method());
+    break;
+  case context::tlsv1_2_client:
+    handle_ = ::SSL_CTX_new(::TLSv1_2_client_method());
+    break;
   case context::tlsv1_server:
     handle_ = ::SSL_CTX_new(::TLSv1_server_method());
     break;
+  case context::tlsv1_1_server:
+    handle_ = ::SSL_CTX_new(::TLSv1_1_server_method());
+    break;
+  case context::tlsv1_2_server:
+    handle_ = ::SSL_CTX_new(::TLSv1_2_server_method());
+    break;
   case context::sslv23:
     handle_ = ::SSL_CTX_new(::SSLv23_method());
     break;
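
Review bot: the new cases call TLSv1_1_client_method(), TLSv1_2_client_method() and their server counterparts unconditionally, and those functions exist only in OpenSSL 1.0.1 and later, so this file stops compiling against older OpenSSL. Guard the four cases on the OpenSSL version (or on SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 being defined) and report an error for the enumerator when the library lacks the method. The documentation should also say that each of these methods speaks exactly that one protocol version, unlike the sslv23 case directly below, which negotiates.
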
@@ -475,6 +487,36 @@ int context::verify_callback_function(in
   return 0;
 }
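
Review bot: the header of this hunk announces 36 lines after the change against 6 before, but only two context lines follow it, so the 30 added lines are missing from the patch as posted. Please attach the complete hunk; as it stands this part can be neither applied nor reviewed.
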
+++ asio/ssl/old/detail/openssl_context_service.hpp	2012-10-30 18:20:34.328968995 +0200
@@ -100,9 +101,21 @@ public:
     case context_base::tlsv1_client:
       impl = ::SSL_CTX_new(::TLSv1_client_method());
       break;
+    case context_base::tlsv1_1_client:
+      impl = ::SSL_CTX_new(::TLSv1_1_client_method());
+      break;
+    case context_base::tlsv1_2_client:
+      impl = ::SSL_CTX_new(::TLSv1_2_client_method());
+      break;
     case context_base::tlsv1_server:
       impl = ::SSL_CTX_new(::TLSv1_server_method());
       break;
+    case context_base::tlsv1_1_server:
+      impl = ::SSL_CTX_new(::TLSv1_1_server_method());
+      break;
+    case context_base::tlsv1_2_server:
+      impl = ::SSL_CTX_new(::TLSv1_2_server_method());
+      break;
     case context_base::sslv23:
       impl = ::SSL_CTX_new(::SSLv23_method());
       break;
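
Review bot: this switch repeats the unguarded TLSv1_1_*_method() and TLSv1_2_*_method() calls from impl/context.ipp, so the old service has the same build failure against OpenSSL older than 1.0.1. Apply the same version guard here, and keep the two switches in step so that an enumerator accepted by one implementation is never unhandled in the other.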

Change History (2)

comment:1 by chris_kohlhoff, 9 years ago

Resolution: fixed
Status: new → closed

Fixed on trunk in [84320].

Merged to release in [84388].

comment:2 by anonymous, 9 years ago

Will using tlsv1_2_server work with SSL clients? Is it similar to 'sslv23', which understands SSLv2, SSLv3 and TLSv1?
