[misc] Node.js v12 require TLSv1.2 by default

Correcting SSL test to permit TLSv1 and TLSv1.1 in case of windows server

Author: rusher

documentation/connection-options.md

@@ -367,6 +367,13 @@ Hostname/IP doesn't match certificate's altnames: "Host: other.example.com. is n
 ```
 To fix this, correct the `host` value to correspond to the host identified in the certificate.
 
-
+####  routines:ssl_choose_client_version:unsupported protocol
+
+Since Node.js 12 minimum TLS version is set to 1.2. 
+MariaDB server can be build with different SSL library, old version supporting only TLS up to 1.1.  
+The error "1976:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol" can occur if MariaDB SSL implementation doesn't support TLSv1.2.
+This can be solved by : 
+- Server side: update MariaDB to a recent version
+- Client side: permit lesser version with "tls.DEFAULT_MIN_VERSION = 'TLSv1.1';" or with connection configuration: using option `ssl: { secureProtocol: 'TLSv1_1_method' }'  
 
 

test/integration/test-ssl.js

@@ -4,13 +4,25 @@ const base = require('../base.js');
 const { assert } = require('chai');
 const fs = require('fs');
 const Conf = require('../conf');
+const tls = require('tls');
 
 describe('ssl', function() {
   let ca = null;
   let sslEnable = false;
 
   before(function(done) {
     if (process.env.MAXSCALE_VERSION) this.skip();
+    console.log(tls.DEFAULT_MIN_VERSION);
+    if (
+      process.platform === 'win32' &&
+      tls.DEFAULT_MIN_VERSION === 'TLSv1.2' &&
+      ((shareConn.info.isMariaDB() && !shareConn.info.hasMinVersion(10, 4, 0)) ||
+        (!shareConn.info.isMariaDB() && !shareConn.info.hasMinVersion(8, 0, 0)))
+    ) {
+      //TLSv1.2 is supported on windows only since MariaDB 10.4 and MySQL 8.0
+      //so if testing with Node.js 12, force possible TLS1.1
+      tls.DEFAULT_MIN_VERSION = 'TLSv1.1';
+    }
 
     if (process.env.TEST_SSL_CA_FILE) {
       const caFileName = process.env.TEST_SSL_CA_FILE;