Enable tlsv2 when TLS is used #309

taste1981 · 2021-06-08T07:13:21Z

Most endpoint now deprecate TLSv1 support. Thus we need to enable TLSv2.

pklapperich · 2021-08-09T20:17:17Z

src/internal/sio_client_impl.cpp

@@ -577,10 +577,9 @@ namespace sio
 #if SIO_TLS
    client_impl::context_ptr client_impl::on_tls_init(connection_hdl conn)
    {
-        context_ptr ctx = context_ptr(new  asio::ssl::context(asio::ssl::context::tlsv1));
+        context_ptr ctx = context_ptr(new  asio::ssl::context(asio::ssl::context::tlsv12));


Isn't this forcing TLSv1.2 even if the server supports TLS v1.3?

Usually client libraries are permissive and connect using the most secure connection the server will allow, but there's a good argument for blacklisting ciphers and handshakes that are no longer considered secure to prevent downgrade attacks. Is it possible to choose "any TLS other than v1.0 or v1.1"? If not, I think just permitting all TLS handshakes supported by the server is probably better than hardcoding to v1.2 (eg: asio::ssl::context::tls).

Always allow TLSv2 by default.

042322a

taste1981 mentioned this pull request Jun 8, 2021

Enable tlsv2 when TLS is used. #310

Merged

darrachequesne merged commit 6b9f5fb into socketio:2.x Jun 11, 2021

pklapperich reviewed Aug 9, 2021

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Enable tlsv2 when TLS is used #309

Enable tlsv2 when TLS is used #309

Uh oh!

taste1981 commented Jun 8, 2021

Uh oh!

pklapperich Aug 9, 2021

Uh oh!

Uh oh!

Enable tlsv2 when TLS is used #309

Enable tlsv2 when TLS is used #309

Uh oh!

Conversation

taste1981 commented Jun 8, 2021

Uh oh!

pklapperich Aug 9, 2021

Choose a reason for hiding this comment

Uh oh!

Uh oh!