From 189fa772310e07d3c093f85f0f2178d26a17e528 Mon Sep 17 00:00:00 2001 From: abitmore Date: Thu, 4 Mar 2021 18:39:15 +0000 Subject: [PATCH 1/2] Force TLSv1.2 or above when using libcurl --- libraries/plugins/elasticsearch/elasticsearch_plugin.cpp | 5 ++++- libraries/plugins/es_objects/es_objects.cpp | 5 ++++- tests/elasticsearch/main.cpp | 4 ++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/libraries/plugins/elasticsearch/elasticsearch_plugin.cpp b/libraries/plugins/elasticsearch/elasticsearch_plugin.cpp index 2860057f3a..9d61cd2fee 100644 --- a/libraries/plugins/elasticsearch/elasticsearch_plugin.cpp +++ b/libraries/plugins/elasticsearch/elasticsearch_plugin.cpp @@ -38,7 +38,10 @@ class elasticsearch_plugin_impl public: elasticsearch_plugin_impl(elasticsearch_plugin& _plugin) : _self( _plugin ) - { curl = curl_easy_init(); } + { + curl = curl_easy_init(); + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); + } virtual ~elasticsearch_plugin_impl(); bool update_account_histories( const signed_block& b ); diff --git a/libraries/plugins/es_objects/es_objects.cpp b/libraries/plugins/es_objects/es_objects.cpp index 9aec0f574d..f89a11065b 100644 --- a/libraries/plugins/es_objects/es_objects.cpp +++ b/libraries/plugins/es_objects/es_objects.cpp @@ -43,7 +43,10 @@ class es_objects_plugin_impl public: es_objects_plugin_impl(es_objects_plugin& _plugin) : _self( _plugin ) - { curl = curl_easy_init(); } + { + curl = curl_easy_init(); + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); + } virtual ~es_objects_plugin_impl(); bool index_database(const vector& ids, std::string action); diff --git a/tests/elasticsearch/main.cpp b/tests/elasticsearch/main.cpp index 5e3b0458f2..e747de5b07 100644 --- a/tests/elasticsearch/main.cpp +++ b/tests/elasticsearch/main.cpp @@ -51,6 +51,7 @@ BOOST_AUTO_TEST_CASE(elasticsearch_account_history) { CURL *curl; // curl handler curl = curl_easy_init(); + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); graphene::utilities::ES es; es.curl = curl; @@ -140,6 +141,7 @@ BOOST_AUTO_TEST_CASE(elasticsearch_objects) { CURL *curl; // curl handler curl = curl_easy_init(); + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); graphene::utilities::ES es; es.curl = curl; @@ -195,6 +197,7 @@ BOOST_AUTO_TEST_CASE(elasticsearch_suite) { CURL *curl; // curl handler curl = curl_easy_init(); + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); graphene::utilities::ES es; es.curl = curl; @@ -221,6 +224,7 @@ BOOST_AUTO_TEST_CASE(elasticsearch_history_api) { try { CURL *curl; // curl handler curl = curl_easy_init(); + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); graphene::utilities::ES es; es.curl = curl; From 4500401a76c9ce5c3b6dbb4c3d4ca9688b950d1f Mon Sep 17 00:00:00 2001 From: abitmore Date: Fri, 5 Mar 2021 17:41:03 +0000 Subject: [PATCH 2/2] Force TLSv1.2 or above when using libcurl (more) --- libraries/plugins/elasticsearch/elasticsearch_plugin.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/libraries/plugins/elasticsearch/elasticsearch_plugin.cpp b/libraries/plugins/elasticsearch/elasticsearch_plugin.cpp index 9d61cd2fee..07189c9af5 100644 --- a/libraries/plugins/elasticsearch/elasticsearch_plugin.cpp +++ b/libraries/plugins/elasticsearch/elasticsearch_plugin.cpp @@ -653,6 +653,7 @@ graphene::utilities::ES elasticsearch_plugin::prepareHistoryQuery(string query) { CURL *curl; curl = curl_easy_init(); + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); graphene::utilities::ES es; es.curl = curl;