From 80b1ad5773c2ba051d182c150f5954d1f032ad85 Mon Sep 17 00:00:00 2001
From: dmatetelki
Date: Wed, 18 May 2016 11:17:59 +0200
Subject: [PATCH] SslConnection allows TLSv1.2 only

---
 lib/cpp_utils/SslConnection.cpp | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/cpp_utils/SslConnection.cpp b/lib/cpp_utils/SslConnection.cpp
index 71761a0..d01f6a0 100644
--- a/lib/cpp_utils/SslConnection.cpp
+++ b/lib/cpp_utils/SslConnection.cpp
@@ -186,12 +186,17 @@ bool SslConnection::initServerContext( const std::string certificateFile,
 {
   TRACE;
 
-  m_sslContext = SSL_CTX_new (SSLv3_method ());
+  m_sslContext = SSL_CTX_new (TLSv1_2_server_method ());
   if ( m_sslContext == NULL ) {
     LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
     return false;
   }
 
+  SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv2);
+  SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv3);
+  SSL_CTX_set_options(m_sslContext, SSL_OP_NO_TLSv1);
+  SSL_CTX_set_options(m_sslContext, SSL_OP_NO_TLSv1_1);
+
   if ( !loadCertificates(certificateFile, privateKeyFile) )
     return false;
 
@@ -203,12 +208,17 @@ bool SslConnection::initClientContext()
 {
   TRACE;
 
-  m_sslContext = SSL_CTX_new (SSLv3_method ());
+  m_sslContext = SSL_CTX_new (TLSv1_2_client_method ());
   if ( m_sslContext == NULL ) {
     LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
     return false;
   }
 
+  SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv2);
+  SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv3);
+  SSL_CTX_set_options(m_sslContext, SSL_OP_NO_TLSv1);
+  SSL_CTX_set_options(m_sslContext, SSL_OP_NO_TLSv1_1);
+
   return initHandle();
 }

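Review bot: The four `SSL_OP_NO_*` calls added after the NULL check are no-ops on a context created with `TLSv1_2_server_method()`, because a version-specific method never negotiates anything but that version; the combination also freezes the server at 1.2, so any later protocol needs another method change. If the intent is "1.2 or newer", the 1.0.x idiom is the flexible method plus one OR'd exclusion mask: `m_sslContext = SSL_CTX_new (SSLv23_server_method ());` followed by `SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_COMPRESSION);` (the compression bit closes a CRIME-style leak the version pin alone does not; `TLS_server_method()` is the name on OpenSSL 1.1.0 and later, if the build moves there). Nothing in the hunk constrains the cipher list either, so the library default set still applies; a `SSL_CTX_set_cipher_list` call next to these options would be worth adding unless `loadCertificates` or another part of the file I cannot see already does it. `initServerContext` begins before the hunk (its signature survives only in the `@@` context) and its body continues past the last context line.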
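Review bot: Pinning the client to TLS 1.2 gives no protection against an active attacker unless the peer certificate is verified, and neither this hunk nor the visible body of `initClientContext` calls `SSL_CTX_set_verify(m_sslContext, SSL_VERIFY_PEER, NULL)` or loads a trust store via `SSL_CTX_load_verify_locations`; if `initHandle()` or the caller does not do so (not visible here), the client still accepts any certificate it is handed. The added `SSL_OP_NO_SSLv2` through `SSL_OP_NO_TLSv1_1` options are redundant on a `TLSv1_2_client_method()` context for the same reason as on the server side, so either drop them or switch to `SSLv23_client_method()` with the options OR'd into a single `SSL_CTX_set_options` call, which also gains newer protocol versions automatically. The function's signature is only in the `@@` context line, so its opening lies outside the hunk.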