diff options
author | Golgowski, Wiktor <wiktor.golgowski@intel.com> | 2020-10-02 21:46:34 +0300 |
---|---|---|
committer | Golgowski, Wiktor <wiktor.golgowski@intel.com> | 2020-10-02 22:18:35 +0300 |
commit | 98a31fc5be01cbf29dbcd61a77c33f3c7777ea74 (patch) | |
tree | c7dc3426812fa50247774779342f515fcf3d6196 | |
parent | f60d05a33fb662d5c41dede89d5018b8614b7fd4 (diff) | |
download | virtual-media-98a31fc5be01cbf29dbcd61a77c33f3c7777ea74.tar.xz |
Add requirement for TLSv1.1 for VM legacy mode.
This change adds nbdkit curl plugin parameters for specifying TLS
version. VM is configured to support TLSv1.1 or greater.
Tested: manually, TLSv1.0 is not negotiated during connection.
Change-Id: I0d1186534ba3ec2f7937fea65c0cc1f01557cf6e
Signed-off-by: Golgowski, Wiktor <wiktor.golgowski@intel.com>
-rw-r--r-- | src/state/activating_state.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/state/activating_state.cpp b/src/state/activating_state.cpp index e51640a..8b69fac 100644 --- a/src/state/activating_state.cpp +++ b/src/state/activating_state.cpp @@ -233,7 +233,8 @@ std::unique_ptr<resource::Process> // ... to mount http resource at url "url=" + url, // custom OpenBMC path for CA - "capath=/etc/ssl/certs/authority"}; + "capath=/etc/ssl/certs/authority", + "ssl-version=tlsv1.1"}; // Authenticate if needed if (machine.getTarget()->credentials) |