From 0315081e9ea897772f3db6946364a2018a27d649 Mon Sep 17 00:00:00 2001
From: "Czarnowski, Przemyslaw" <przemyslaw.hawrylewicz.czarnowski@intel.com>
Date: Thu, 6 May 2021 14:39:22 +0200
Subject: Legacy HTTPs: Set minimum tls version to 1.2

Due to change of recommendation of minimum TLS version from 1.1 to 1.2,
version passed to CURL plugin of Nbdkit is changed appropriately.

Tested:
Manually; TLSv1.1 server is rejected for Legacy/HTTPs.

Change-Id: Ifc8848817deb9f73a44f551d85f1fe9ba20b3e10
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
---
 src/state/activating_state.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/state/activating_state.cpp b/src/state/activating_state.cpp
index 8101df9..b76ef12 100644
--- a/src/state/activating_state.cpp
+++ b/src/state/activating_state.cpp
@@ -265,7 +265,7 @@ std::unique_ptr<resource::Process>
                                        "url=" + url,
                                        // custom OpenBMC path for CA
                                        "capath=/etc/ssl/certs/authority",
-                                       "ssl-version=tlsv1.1",
+                                       "ssl-version=tlsv1.2",
                                        "ssl-cipher-list=ALL:!eNULL:!aNULL:"
                                        "!AES256-GCM-SHA384:!AES128-GCM-SHA256:"
                                        "!AES256-SHA256:!AES128-SHA256"};
-- 
cgit v1.2.3