MXS-2811: Set TLS version with MARIADB_OPT_TLS_VERSION

The ssl_version values now also affect the TLS version used by the connector.
mariadb-corporation · Mar 5, 2020 · 9eceeff · 9eceeff
1 parent fda12c0
commit 9eceeff
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/server/core/mysql_utils.cc b/server/core/mysql_utils.cc
@@ -47,6 +47,24 @@ MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, cons
         const char* ssl_cert = ssl->cert.empty() ? nullptr : ssl->cert.c_str();
         const char* ssl_ca = ssl->ca.empty() ? nullptr : ssl->ca.c_str();
         mysql_ssl_set(con, ssl_key, ssl_cert, ssl_ca, NULL, NULL);
+
+        switch (ssl->version)
+        {
+        case SERVICE_TLS11:
+            mysql_optionsv(con, MARIADB_OPT_TLS_VERSION, "TLSv1.1,TLSv1.2,TLSv1.3");
+            break;
+
+        case SERVICE_TLS12:
+            mysql_optionsv(con, MARIADB_OPT_TLS_VERSION, "TLSv1.2,TLSv1.3");
+            break;
+
+        case SERVICE_TLS13:
+            mysql_optionsv(con, MARIADB_OPT_TLS_VERSION, "TLSv1.3");
+            break;
+
+        default:
+            break;
+        }
     }
 
     char yes = 1;