adamdebreceni commented on code in PR #1600:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1600#discussion_r1251954436
##########
libminifi/src/controllers/SSLContextService.cpp:
##########
@@ -196,16 +196,16 @@ bool SSLContextService::configure_ssl_context(SSL_CTX
*ctx) {
}
// Security level set to 0 for backwards compatibility to support TLS
versions below v1.2
- SSL_CTX_set_security_level(ctx, 0);
+ if (minimum_tls_version_ < TLS1_2_VERSION || maximum_tls_version_ <
TLS1_2_VERSION) {
Review Comment:
isn't it enough to check the `minimum_tls_version_`? I assume the value `-1`
is "don't care", so if we do not care about the `maximum_tls_version_` event if
the `minimum_tls_version_` disallows it we set the security level to 0
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
