From 489c0c0fb286266551e7cd2d15f1b9c0c0e7d9f7 Mon Sep 17 00:00:00 2001 From: Marc Alff Date: Thu, 27 Jun 2024 14:58:58 +0200 Subject: [PATCH] Fixes #2721 --- .../exporters/otlp/otlp_environment.h | 2 +- .../ext/http/client/http_client.h | 6 +--- .../http/client/curl/http_operation_curl.cc | 30 ++++--------------- 3 files changed, 7 insertions(+), 31 deletions(-) diff --git a/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_environment.h b/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_environment.h index c2e0afb7bc..8b486a548f 100644 --- a/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_environment.h +++ b/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_environment.h @@ -111,7 +111,7 @@ std::string GetOtlpDefaultTracesSslTlsMaxVersion(); std::string GetOtlpDefaultMetricsSslTlsMaxVersion(); std::string GetOtlpDefaultLogsSslTlsMaxVersion(); -// For TLS 1.0, 1.1, 1.2 +// For TLS 1.2 std::string GetOtlpDefaultTracesSslTlsCipher(); std::string GetOtlpDefaultMetricsSslTlsCipher(); std::string GetOtlpDefaultLogsSslTlsCipher(); diff --git a/ext/include/opentelemetry/ext/http/client/http_client.h b/ext/include/opentelemetry/ext/http/client/http_client.h index b3cf7365eb..595dbb90b2 100644 --- a/ext/include/opentelemetry/ext/http/client/http_client.h +++ b/ext/include/opentelemetry/ext/http/client/http_client.h @@ -193,8 +193,6 @@ struct HttpSslOptions Minimum SSL version to use. Valid values are: - empty (no minimum version required) - - "1.0" (TLSv1.0) - - "1.1" (TLSv1.1) - "1.2" (TLSv1.2) - "1.3" (TLSv1.3) */ @@ -204,8 +202,6 @@ struct HttpSslOptions Maximum SSL version to use. Valid values are: - empty (no maximum version required) - - "1.0" (TLSv1.0) - - "1.1" (TLSv1.1) - "1.2" (TLSv1.2) - "1.3" (TLSv1.3) */ @@ -213,7 +209,7 @@ struct HttpSslOptions /** TLS Cipher. - This is for TLS 1.0, 1.1 and 1.2. + This is for TLS 1.2. The list is delimited by colons (":"). Cipher names depends on the underlying CURL implementation. */ diff --git a/ext/src/http/client/curl/http_operation_curl.cc b/ext/src/http/client/curl/http_operation_curl.cc index 25f43fcb2f..a23c3f647b 100644 --- a/ext/src/http/client/curl/http_operation_curl.cc +++ b/ext/src/http/client/curl/http_operation_curl.cc @@ -414,16 +414,16 @@ void HttpOperation::Cleanup() To represent versions, the following symbols are needed: Added in CURL 7.34.0: - - CURL_SSLVERSION_TLSv1_0 - - CURL_SSLVERSION_TLSv1_1 + - CURL_SSLVERSION_TLSv1_0 (do not use) + - CURL_SSLVERSION_TLSv1_1 (do not use) - CURL_SSLVERSION_TLSv1_2 Added in CURL 7.52.0: - CURL_SSLVERSION_TLSv1_3 Added in CURL 7.54.0: - - CURL_SSLVERSION_MAX_TLSv1_0 - - CURL_SSLVERSION_MAX_TLSv1_1 + - CURL_SSLVERSION_MAX_TLSv1_0 (do not use) + - CURL_SSLVERSION_MAX_TLSv1_1 (do not use) - CURL_SSLVERSION_MAX_TLSv1_2 - CURL_SSLVERSION_MAX_TLSv1_3 @@ -439,16 +439,6 @@ void HttpOperation::Cleanup() static long parse_min_ssl_version(std::string version) { #ifdef HAVE_TLS_VERSION - if (version == "1.0") - { - return CURL_SSLVERSION_TLSv1_0; - } - - if (version == "1.1") - { - return CURL_SSLVERSION_TLSv1_1; - } - if (version == "1.2") { return CURL_SSLVERSION_TLSv1_2; @@ -466,16 +456,6 @@ static long parse_min_ssl_version(std::string version) static long parse_max_ssl_version(std::string version) { #ifdef HAVE_TLS_VERSION - if (version == "1.0") - { - return CURL_SSLVERSION_MAX_TLSv1_0; - } - - if (version == "1.1") - { - return CURL_SSLVERSION_MAX_TLSv1_1; - } - if (version == "1.2") { return CURL_SSLVERSION_MAX_TLSv1_2; @@ -780,7 +760,7 @@ CURLcode HttpOperation::Setup() if (!ssl_options_.ssl_cipher.empty()) { - /* TLS 1.0, 1.1, 1.2 */ + /* TLS 1.2 */ const char *cipher_list = ssl_options_.ssl_cipher.c_str(); rc = SetCurlStrOption(CURLOPT_SSL_CIPHER_LIST, cipher_list);