Add requirement for TLSv1.1 for VM legacy mode.

This change adds nbdkit curl plugin parameters for specifying TLS version. VM is configured to support TLSv1.1 or greater. Tested: manually, TLSv1.0 is not negotiated during connection. Change-Id: I0d1186534ba3ec2f7937fea65c0cc1f01557cf6e Signed-off-by: Golgowski, Wiktor <wiktor.golgowski@intel.com>
author: Golgowski, Wiktor <wiktor.golgowski@intel.com> 2020-10-02 21:46:34 +0300
committer: Golgowski, Wiktor <wiktor.golgowski@intel.com> 2020-10-02 22:18:35 +0300
commit: 98a31fc5be01cbf29dbcd61a77c33f3c7777ea74 (patch)
tree: c7dc3426812fa50247774779342f515fcf3d6196
parent: f60d05a33fb662d5c41dede89d5018b8614b7fd4 (diff)
download: virtual-media-98a31fc5be01cbf29dbcd61a77c33f3c7777ea74.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/src/state/activating_state.cpp b/src/state/activating_state.cpp
index e51640a..8b69fac 100644
--- a/src/state/activating_state.cpp
+++ b/src/state/activating_state.cpp
@@ -233,7 +233,8 @@ std::unique_ptr<resource::Process>
                                        // ... to mount http resource at url
                                        "url=" + url,
                                        // custom OpenBMC path for CA
-                                       "capath=/etc/ssl/certs/authority"};
+                                       "capath=/etc/ssl/certs/authority",
+                                       "ssl-version=tlsv1.1"};
 
     // Authenticate if needed
     if (machine.getTarget()->credentials)
author	Golgowski, Wiktor <wiktor.golgowski@intel.com>	2020-10-02 21:46:34 +0300
committer	Golgowski, Wiktor <wiktor.golgowski@intel.com>	2020-10-02 22:18:35 +0300
commit	98a31fc5be01cbf29dbcd61a77c33f3c7777ea74 (patch)
tree	c7dc3426812fa50247774779342f515fcf3d6196
parent	f60d05a33fb662d5c41dede89d5018b8614b7fd4 (diff)
download	virtual-media-98a31fc5be01cbf29dbcd61a77c33f3c7777ea74.tar.xz