notroj / neon

neon - an HTTP/1.1 and WebDAV client library with a C API
https://notroj.github.io/neon/

Is there any Neon api to set minimum TLS protocol version in SSL_CTX #164

Open notroj opened 2 months ago

notroj commented 2 months ago

Discussed in https://github.com/notroj/neon/discussions/163

Originally posted by **Subha-work101** August 13, 2024

Hi Team,

I am using the neon library in the development of one of my applications. I wanted the TLS connection to happen only via TLS 1.2. I came across the OpenSSL API to control the protocol using SSL_CTX_set_min_proto_version. I wanted to know whether there is any neon API which can be used to set the SSL context with the minimum protocol version while sending the request via neon.

Thanks, Subha

notroj commented 2 months ago

No, but it's a reasonable request. I've created #164 to track this as an issue. I think an API like the following would work.


   #define NE_SSL_VERS_ANY (0)
   #define NE_SSL_VERS_TLS1_0 (1)
   #define NE_SSL_VERS_TLS1_1 (2)
   #define NE_SSL_VERS_TLS1_2 (3)
   #define NE_SSL_VERS_TLS1_3 (4)

   void ne_ssl_set_versions(ne_session *sess, int minimum, int maximum);

could work with both OpenSSL https://docs.openssl.org/master/man3/SSL_CTX_set_min_proto_version/ and translated into GnuTLS https://gnutls.org/manual/html_node/Core-TLS-API.html#gnutls_005fset_005fdefault_005fpriority_005fappend
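
An added example, not part of the comment above and not neon code: one way the proposed constants could be validated and translated into the values OpenSSL's `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version` take. The helper names `vers_to_wire`, `resolve_versions` and `apply_versions` and the `USE_OPENSSL` build macro are assumptions made for this sketch.

```c
#ifdef USE_OPENSSL            /* build with -DUSE_OPENSSL -lssl -lcrypto */
#include <openssl/ssl.h>
#endif

/* Constants as proposed in the comment above (not a released neon API). */
#define NE_SSL_VERS_ANY    (0)
#define NE_SSL_VERS_TLS1_0 (1)
#define NE_SSL_VERS_TLS1_1 (2)
#define NE_SSL_VERS_TLS1_2 (3)
#define NE_SSL_VERS_TLS1_3 (4)

/* Hypothetical helper: map a proposed constant to the TLS wire version, the
 * value OpenSSL's TLS1_x_VERSION macros carry. 0 means "no bound". */
int vers_to_wire(int v)
{
    switch (v) {
    case NE_SSL_VERS_ANY:    return 0;
    case NE_SSL_VERS_TLS1_0: return 0x0301;
    case NE_SSL_VERS_TLS1_1: return 0x0302;
    case NE_SSL_VERS_TLS1_2: return 0x0303;
    case NE_SSL_VERS_TLS1_3: return 0x0304;
    default:                 return -1;   /* unknown constant */
    }
}

/* Hypothetical helper: reject unknown constants and inverted ranges so a
 * caller mistake fails closed instead of leaving the defaults in place.
 * Returns 0 on success, -1 on error. */
int resolve_versions(int minimum, int maximum, int *wmin, int *wmax)
{
    int lo = vers_to_wire(minimum), hi = vers_to_wire(maximum);
    if (lo < 0 || hi < 0) return -1;
    if (lo != 0 && hi != 0 && lo > hi) return -1;
    *wmin = lo;
    *wmax = hi;
    return 0;
}

#ifdef USE_OPENSSL
/* Apply the bounds to a context; both OpenSSL calls return 1 on success. */
int apply_versions(SSL_CTX *ctx, int minimum, int maximum)
{
    int lo, hi;
    if (resolve_versions(minimum, maximum, &lo, &hi) != 0) return -1;
    if (SSL_CTX_set_min_proto_version(ctx, lo) != 1) return -1;
    if (SSL_CTX_set_max_proto_version(ctx, hi) != 1) return -1;
    return 0;
}
#endif
```

For the TLS 1.2 floor asked about in the original post, the pair would be `NE_SSL_VERS_TLS1_2` as minimum and `NE_SSL_VERS_ANY` as maximum, which leaves TLS 1.3 available.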

Subha-work101 commented 2 months ago

Thanks, Joe, for your response. Is it possible to provide a patch with this fix? We are currently using the neon-0.32.2 version.