static char uppercase(char c);
// SSLContext implementation
-SSLContext::SSLContext(const SSLProtocol& protocol) {
- if(protocol == SSLProtocol::SSLTLS)
- {
- ctx_ = SSL_CTX_new(SSLv23_method());
- }
- else if(protocol == SSLProtocol::SSLv3)
- {
- ctx_ = SSL_CTX_new(SSLv3_method());
- }
- else if(protocol == SSLProtocol::TLSv1_0)
- {
- ctx_ = SSL_CTX_new(TLSv1_method());
- }
- else if(protocol == SSLProtocol::TLSv1_1)
- {
- ctx_ = SSL_CTX_new(TLSv1_1_method());
- }
- else if(protocol == SSLProtocol::TLSv1_2)
- {
- ctx_ = SSL_CTX_new(TLSv1_2_method());
- }
- else
- {
- /// UNKNOWN PROTOCOL!
- throw TSSLException("SSL_CTX_new: Unknown protocol");
- }
-
+SSLContext::SSLContext() {
+ ctx_ = SSL_CTX_new(TLSv1_method());
if (ctx_ == NULL) {
string errors;
buildErrors(errors);
throw TSSLException("SSL_CTX_new: " + errors);
}
SSL_CTX_set_mode(ctx_, SSL_MODE_AUTO_RETRY);
-
- // Disable horribly insecure SSLv2!
- if(protocol == SSLProtocol::SSLTLS)
- {
- SSL_CTX_set_options(ctx_, SSL_OP_NO_SSLv2);
- }
}
SSLContext::~SSLContext() {
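Review bot: `SSL_CTX_new(TLSv1_method())` in the new `SSLContext()` constructor pins every context to TLS 1.0 only, so a peer can never negotiate TLS 1.1 or 1.2 and callers have no way left to ask for a stronger protocol. TLS 1.0 is formally deprecated (RFC 8996), and a fixed-version method also stops the library from picking the highest version both sides support. I would use the version-flexible method and switch off the legacy protocols: `ctx_ = SSL_CTX_new(SSLv23_method());` and, after the NULL check, `SSL_CTX_set_options(ctx_, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. The same point applies to the no-argument `TSSLSocketFactory()` and `SSLContext()` declarations in the header hunks, whose `Constructor/Destructor` comment should state which protocol versions the factory accepts.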
uint64_t TSSLSocketFactory::count_ = 0;
Mutex TSSLSocketFactory::mutex_;
-TSSLSocketFactory::TSSLSocketFactory(const SSLProtocol& protocol): server_(false) {
+TSSLSocketFactory::TSSLSocketFactory(): server_(false) {
Guard guard(mutex_);
if (count_ == 0) {
initializeOpenSSL();
randomize();
}
count_++;
- ctx_ = boost::shared_ptr<SSLContext>(new SSLContext(protocol));
+ ctx_ = boost::shared_ptr<SSLContext>(new SSLContext);
}
TSSLSocketFactory::~TSSLSocketFactory() {
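Review bot: `count_++` runs before `new SSLContext`, and the `SSLContext` constructor throws `TSSLException` when `SSL_CTX_new` fails, so a failed construction leaves the shared counter incremented with no destructor call to balance it. The destructor body is outside this hunk, but if it decrements `count_` and tears OpenSSL down at zero, that cleanup can then never be reached for the rest of the process. Keeping the `if (count_ == 0)` initialisation where it is and moving the increment below the allocation fixes the ordering: `ctx_ = boost::shared_ptr<SSLContext>(new SSLContext);` followed by `count_++;`.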
class AccessManager;
class SSLContext;
-enum SSLProtocol {
- SSLTLS = 0, // Supports SSLv3 and TLSv1.
- SSLv2 = 1, // Supports SSLv3 only. => HORRIBLY INSECURE!
- SSLv3 = 2, // Supports SSLv3 only.
- TLSv1_0 = 3, // Supports TLSv1_0 only.
- TLSv1_1 = 4, // Supports TLSv1_1 only.
- TLSv1_2 = 5 // Supports TLSv1_2 only.
-};
-
/**
* OpenSSL implementation for SSL socket interface.
*/
public:
/**
* Constructor/Destructor
- *
- * @param protocol The SSL/TLS protocol to use.
*/
- TSSLSocketFactory(const SSLProtocol& protocol = SSLProtocol::SSLTLS);
+ TSSLSocketFactory();
virtual ~TSSLSocketFactory();
/**
* Create an instance of TSSLSocket with a fresh new socket.
*/
class SSLContext {
public:
- SSLContext(const SSLProtocol& protocol = SSLProtocol::SSLTLS);
+ SSLContext();
virtual ~SSLContext();
SSL* createSSL();
SSL_CTX* get() { return ctx_; }