Revert "THRIFT-2258 cpp: Add TLS v1.1/1.2 support to TSSLSocket.cpp"
This reverts commit 01386c95a8f18d55cefc0ad0f33a1154e095f51a.
diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
index 5f91c89..ce971d3 100644
--- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
@@ -55,45 +55,14 @@
static char uppercase(char c);
// SSLContext implementation
-SSLContext::SSLContext(const SSLProtocol& protocol) {
- if(protocol == SSLProtocol::SSLTLS)
- {
- ctx_ = SSL_CTX_new(SSLv23_method());
- }
- else if(protocol == SSLProtocol::SSLv3)
- {
- ctx_ = SSL_CTX_new(SSLv3_method());
- }
- else if(protocol == SSLProtocol::TLSv1_0)
- {
- ctx_ = SSL_CTX_new(TLSv1_method());
- }
- else if(protocol == SSLProtocol::TLSv1_1)
- {
- ctx_ = SSL_CTX_new(TLSv1_1_method());
- }
- else if(protocol == SSLProtocol::TLSv1_2)
- {
- ctx_ = SSL_CTX_new(TLSv1_2_method());
- }
- else
- {
- /// UNKNOWN PROTOCOL!
- throw TSSLException("SSL_CTX_new: Unknown protocol");
- }
-
+SSLContext::SSLContext() {
+ ctx_ = SSL_CTX_new(TLSv1_method());
if (ctx_ == NULL) {
string errors;
buildErrors(errors);
throw TSSLException("SSL_CTX_new: " + errors);
}
SSL_CTX_set_mode(ctx_, SSL_MODE_AUTO_RETRY);
-
- // Disable horribly insecure SSLv2!
- if(protocol == SSLProtocol::SSLTLS)
- {
- SSL_CTX_set_options(ctx_, SSL_OP_NO_SSLv2);
- }
}
SSLContext::~SSLContext() {
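Review bot: The reverted constructor fixes the context to `TLSv1_method()`, which in OpenSSL speaks TLS 1.0 only on both the client and server side and never negotiates up to 1.1 or 1.2, yet nothing at the call site records that restriction. A one-line comment on the `SSL_CTX_new` line, `// TLSv1_method(): TLS 1.0 only, no version negotiation`, would make the consequence of the revert visible to the next maintainer. Dropping the `SSL_OP_NO_SSLv2` option is consistent with a TLS-1.0-only method, so that part of the hunk raises nothing.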
@@ -381,14 +350,14 @@
uint64_t TSSLSocketFactory::count_ = 0;
Mutex TSSLSocketFactory::mutex_;
-TSSLSocketFactory::TSSLSocketFactory(const SSLProtocol& protocol): server_(false) {
+TSSLSocketFactory::TSSLSocketFactory(): server_(false) {
Guard guard(mutex_);
if (count_ == 0) {
initializeOpenSSL();
randomize();
}
count_++;
- ctx_ = boost::shared_ptr<SSLContext>(new SSLContext(protocol));
+ ctx_ = boost::shared_ptr<SSLContext>(new SSLContext);
}
TSSLSocketFactory::~TSSLSocketFactory() {
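Review bot: `count_++` runs before `new SSLContext`, and the SSLContext constructor throws TSSLException when `SSL_CTX_new` fails, so a failed construction leaves count_ incremented for a factory that never existed; if the destructor (its body is outside the hunk) decrements count_ and tears OpenSSL down at zero, that teardown is then skipped for the rest of the process. Ordering the two lines as `ctx_ = boost::shared_ptr<SSLContext>(new SSLContext);` followed by `count_++;` keeps the counter equal to the number of live factories, at the cost that a retry after a first-factory failure re-runs initializeOpenSSL(), which should be confirmed idempotent. The same ordering existed before the revert; the commit merely preserves it.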
diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.h b/lib/cpp/src/thrift/transport/TSSLSocket.h
index 02d5bda..b379d23 100644
--- a/lib/cpp/src/thrift/transport/TSSLSocket.h
+++ b/lib/cpp/src/thrift/transport/TSSLSocket.h
@@ -31,15 +31,6 @@
class AccessManager;
class SSLContext;
-enum SSLProtocol {
- SSLTLS = 0, // Supports SSLv3 and TLSv1.
- SSLv2 = 1, // Supports SSLv3 only. => HORRIBLY INSECURE!
- SSLv3 = 2, // Supports SSLv3 only.
- TLSv1_0 = 3, // Supports TLSv1_0 only.
- TLSv1_1 = 4, // Supports TLSv1_1 only.
- TLSv1_2 = 5 // Supports TLSv1_2 only.
-};
-
/**
* OpenSSL implementation for SSL socket interface.
*/
@@ -117,10 +108,8 @@
public:
/**
* Constructor/Destructor
- *
- * @param protocol The SSL/TLS protocol to use.
*/
- TSSLSocketFactory(const SSLProtocol& protocol = SSLProtocol::SSLTLS);
+ TSSLSocketFactory();
virtual ~TSSLSocketFactory();
/**
* Create an instance of TSSLSocket with a fresh new socket.
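Review bot: With the `@param protocol` line removed, the comment at `* Constructor/Destructor` no longer says which protocol the factory's context will speak, and the implementation now hard-codes it; adding `* The underlying SSLContext is created with TLSv1_method(), i.e. TLS 1.0 only.` keeps the header honest about the restriction. The same documentation gap applies to the `SSLContext();` declaration in the last hunk of this file, whose class comment ends just before that hunk.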
@@ -245,7 +234,7 @@
*/
class SSLContext {
public:
- SSLContext(const SSLProtocol& protocol = SSLProtocol::SSLTLS);
+ SSLContext();
virtual ~SSLContext();
SSL* createSSL();
SSL_CTX* get() { return ctx_; }