From 3974a286ea992236af9b72205f6733fc24059496 Mon Sep 17 00:00:00 2001
From: Andrew Egeler
Date: Sun, 15 Nov 2015 22:01:15 -0500
Subject: [PATCH] Support for TLS 1.1 and 1.2, default to TLSv1.2
---
 lib/OpenSSL.pm6 | 13 +++++++++++--
 lib/OpenSSL/Method.pm6 | 30 ++++++++++++++++++------------
 2 files changed, 29 insertions(+), 14 deletions(-)
diff --git a/lib/OpenSSL.pm6 b/lib/OpenSSL.pm6
index 9b98167..a9d6434 100644
--- a/lib/OpenSSL.pm6
+++ b/lib/OpenSSL.pm6
@@ -39,13 +39,22 @@ method new(Bool :$client = False, Int :$version?) {
 when 3 {
 $method = ($client ?? OpenSSL::Method::SSLv3_client_method() !! OpenSSL::Method::SSLv3_server_method());
 }
- default {
+ when 1 {
 $method = ($client ?? OpenSSL::Method::TLSv1_client_method() !! OpenSSL::Method::TLSv1_server_method());
 }
+ when 1.1 {
+ $method = ($client ?? OpenSSL::Method::TLSv1_1_client_method() !! OpenSSL::Method::TLSv1_1_server_method());
+ }
+ when 1.2 {
+ $method = ($client ?? OpenSSL::Method::TLSv1_2_client_method() !! OpenSSL::Method::TLSv1_2_server_method());
+ }
+ default {
+ $method = ($client ?? OpenSSL::Method::TLSv1_2_client_method() !! OpenSSL::Method::TLSv1_2_server_method());
+ }
 }
 }
 else {
- $method = $client ?? OpenSSL::Method::TLSv1_client_method() !! OpenSSL::Method::TLSv1_server_method();
+ $method = $client ?? OpenSSL::Method::TLSv1_2_client_method() !! OpenSSL::Method::TLSv1_2_server_method();
 }
 my $ctx = OpenSSL::Ctx::SSL_CTX_new( $method );
 my $ssl = OpenSSL::SSL::SSL_new( $ctx );
diff --git a/lib/OpenSSL/Method.pm6 b/lib/OpenSSL/Method.pm6
index 4d1fce4..47373e8 100644
--- a/lib/OpenSSL/Method.pm6
+++ b/lib/OpenSSL/Method.pm6
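Review bot: The new `when 1.1` and `when 1.2` arms look unreachable through the signature in the hunk header, `Int :$version?`: a Rat such as 1.1 fails the `Int` constraint at binding, so unless the signature is widened elsewhere (for example `Numeric :$version?`) callers can still pin only the integer values. Both fallback paths (the `default` arm and the `else` branch) now use the fixed-version `TLSv1_2_*_method`, which negotiates TLS 1.2 and nothing else, so peers limited to TLS 1.0/1.1 fail the handshake and newer protocol versions are never offered; the version-flexible `SSLv23_*_method` already declared in Method.pm6, with SSLv2 and SSLv3 switched off via `SSL_OP_NO_SSLv2`/`SSL_OP_NO_SSLv3`, is the usual way to get the best mutually supported version. The `default` arm also turns any unrecognised number into TLS 1.2 silently, where a `die` on an unknown value would surface caller mistakes. The body of `new` begins and ends outside this hunk.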
@@ -7,15 +7,21 @@ class SSL_METHOD is repr('CStruct') {
 has int32 $.version;
 }
-our sub SSLv2_client_method() returns SSL_METHOD is native(&ssl-lib) { ... }
-our sub SSLv2_server_method() returns SSL_METHOD is native(&ssl-lib) { ... }
-our sub SSLv2_method() returns SSL_METHOD is native(&ssl-lib) { ... }
-our sub SSLv3_client_method() returns SSL_METHOD is native(&ssl-lib) { ... }
-our sub SSLv3_server_method() returns SSL_METHOD is native(&ssl-lib) { ... }
-our sub SSLv3_method() returns SSL_METHOD is native(&ssl-lib) { ... }
-our sub SSLv23_client_method() returns SSL_METHOD is native(&ssl-lib) { ... }
-our sub SSLv23_server_method() returns SSL_METHOD is native(&ssl-lib) { ... }
-our sub SSLv23_method() returns SSL_METHOD is native(&ssl-lib) { ... }
-our sub TLSv1_client_method() returns SSL_METHOD is native(&ssl-lib) { ... }
-our sub TLSv1_server_method() returns SSL_METHOD is native(&ssl-lib) { ... }
-our sub TLSv1_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub SSLv2_client_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub SSLv2_server_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub SSLv2_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub SSLv3_client_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub SSLv3_server_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub SSLv3_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub SSLv23_client_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub SSLv23_server_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub SSLv23_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub TLSv1_client_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub TLSv1_server_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub TLSv1_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub TLSv1_1_client_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub TLSv1_1_server_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub TLSv1_1_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub TLSv1_2_client_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub TLSv1_2_server_method() returns SSL_METHOD is native(&ssl-lib) { ... }
+our sub TLSv1_2_method() returns SSL_METHOD is native(&ssl-lib) { ... }
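Review bot: The added `TLSv1_1_*` and `TLSv1_2_*` bindings carry no note about their library requirement: these symbols exist only in OpenSSL 1.0.1 and later, and since the OpenSSL.pm6 hunk makes `TLSv1_2_*_method` the default, a plain `new` against an older libssl would presumably fail at symbol lookup where it used to work. A comment above the new declarations would record this, e.g. `# TLSv1_1_* / TLSv1_2_* require libssl >= 1.0.1`. The twelve existing declarations are removed and re-added with what appears to be only whitespace realignment, which hides the six real additions; keeping the realignment in a separate commit would make the change easier to audit.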