diff options
| author | Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com> | 2021-05-06 15:39:22 +0300 |
|---|---|---|
| committer | Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com> | 2021-05-07 11:22:46 +0300 |
| commit | 0315081e9ea897772f3db6946364a2018a27d649 (patch) | |
| tree | 1556f603cb5fa1eeec74fb8844b764273876518c | |
| parent | cf73c528b695ffff93523722b2ec9f40e81bd98b (diff) | |
| download | virtual-media-0315081e9ea897772f3db6946364a2018a27d649.tar.xz | |
Legacy HTTPs: Set minimum tls version to 1.2
Due to change of recommendation of minimum TLS version from 1.1 to 1.2,
version passed to CURL plugin of Nbdkit is changed appropriately.
Tested:
Manually; TLSv1.1 server is rejected for Legacy/HTTPs.
Change-Id: Ifc8848817deb9f73a44f551d85f1fe9ba20b3e10
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
| -rw-r--r-- | src/state/activating_state.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/state/activating_state.cpp b/src/state/activating_state.cpp index 8101df9..b76ef12 100644 --- a/src/state/activating_state.cpp +++ b/src/state/activating_state.cpp @@ -265,7 +265,7 @@ std::unique_ptr<resource::Process> "url=" + url, // custom OpenBMC path for CA "capath=/etc/ssl/certs/authority", - "ssl-version=tlsv1.1", + "ssl-version=tlsv1.2", "ssl-cipher-list=ALL:!eNULL:!aNULL:" "!AES256-GCM-SHA384:!AES128-GCM-SHA256:" "!AES256-SHA256:!AES128-SHA256"}; |