Handle edge cases, log enabled TLS/SSL versions

author: Michael Klishin <michael@rabbitmq.com> 2014-10-20 11:21:46 +0400
committer: Michael Klishin <michael@rabbitmq.com> 2014-10-20 11:21:46 +0400
commit: 517e2c9e316bdeaa0c70dbb83f5da05b3f15b5a4 (patch)
tree: b3057c8faf16a5f556b28fa6939786550197cbcf
parent: bdaad6d911c337a1b477bd423bd47001ff733508 (diff)
download: rabbitmq-server-517e2c9e316bdeaa0c70dbb83f5da05b3f15b5a4.tar.gz
1 files changed, 19 insertions, 6 deletions
diff --git a/src/rabbit_networking.erl b/src/rabbit_networking.erl
index 4e92bf39..8a5c6f9e 100644
--- a/src/rabbit_networking.erl
+++ b/src/rabbit_networking.erl
@@ -143,26 +143,39 @@ start() -> rabbit_sup:start_supervisor_child(
              [{local, rabbit_tcp_client_sup},
               {rabbit_connection_sup,start_link,[]}]).
 
+-define(ENABLED_TLS_VERSIONS, ['tlsv1.2','tlsv1.1',tlsv1]).
+
 ensure_ssl() ->
     {ok, SslAppsConfig} = application:get_env(rabbit, ssl_apps),
     ok = app_utils:start_applications(SslAppsConfig),
     {ok, SslOptsConfig} = application:get_env(rabbit, ssl_options),
-
-    case rabbit_misc:pget(verify_fun, SslOptsConfig) of
+    SslOptsConfig1 = case rabbit_misc:pget(versions, SslOptsConfig) of
+                         undefined ->
+                             rabbit_misc:pset(versions, ?ENABLED_TLS_VERSIONS,
+                                              SslOptsConfig);
+                         [] ->
+                             rabbit_misc:pset(versions, ?ENABLED_TLS_VERSIONS,
+                                              SslOptsConfig);
+                         Val ->
+                             SslOptsConfig
+                     end,
+    rabbit_log:info("Enabled TLS/SSL versions: ~p~n",
+                    [rabbit_misc:pget(versions, SslOptsConfig1)]),
+    case rabbit_misc:pget(verify_fun, SslOptsConfig1) of
         {Module, Function} ->
             rabbit_misc:pset(verify_fun,
                              fun (ErrorList) ->
                                      Module:Function(ErrorList)
-                             end, SslOptsConfig);
+                             end, SslOptsConfig1);
         undefined ->
             % unknown_ca errors are silently ignored prior to R14B unless we
             % supply this verify_fun - remove when at least R14B is required
-            case proplists:get_value(verify, SslOptsConfig, verify_none) of
-                verify_none -> SslOptsConfig;
+            case proplists:get_value(verify, SslOptsConfig1, verify_none) of
+                verify_none -> SslOptsConfig1;
                 verify_peer -> [{verify_fun, fun([])    -> true;
                                                 ([_|_]) -> false
                                              end}
-                                | SslOptsConfig]
+                                | SslOptsConfig1]
             end
     end.
author	Michael Klishin <michael@rabbitmq.com>	2014-10-20 11:21:46 +0400
committer	Michael Klishin <michael@rabbitmq.com>	2014-10-20 11:21:46 +0400
commit	517e2c9e316bdeaa0c70dbb83f5da05b3f15b5a4 (patch)
tree	b3057c8faf16a5f556b28fa6939786550197cbcf
parent	bdaad6d911c337a1b477bd423bd47001ff733508 (diff)
download	rabbitmq-server-517e2c9e316bdeaa0c70dbb83f5da05b3f15b5a4.tar.gz