From b552a133c27cd0223eb5c7a7ae34647461c0f390 Mon Sep 17 00:00:00 2001
From: Rahul Frias <rfrias@google.com>
Date: Fri, 17 Jun 2016 19:33:43 -0700
Subject: [PATCH] Upgrade TLS version in integration tests

[ Merge of http://go/wvgerrit/18295 ]

SSL v3 is being disabled across Google infrastructure. Networking
code in integration tests used SSL v3 during HTTPS protocol negotiation.
Once this is disabled, it will cause integration test failures at
staging and UAT license servers.

With this change the client will use TLS 1.2. Insecure cipher suites
(TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA,
 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA)
have been disabled as well.

b/29356581

Change-Id: I98a04d345fe83c48132b9d79986a21cc84827dc8
---
 libwvdrmengine/cdm/core/test/http_socket.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libwvdrmengine/cdm/core/test/http_socket.cpp b/libwvdrmengine/cdm/core/test/http_socket.cpp
index 2a8eb7e6..10a4abb1 100644
--- a/libwvdrmengine/cdm/core/test/http_socket.cpp
+++ b/libwvdrmengine/cdm/core/test/http_socket.cpp
@@ -41,9 +41,12 @@ SSL_CTX* InitSslContext() {
 
   OpenSSL_add_all_algorithms();
   SSL_load_error_strings();
-  method = SSLv3_client_method();
+  method = TLSv1_2_client_method();
   ctx = SSL_CTX_new(method);
   if (!ctx) LOGE("failed to create SSL context");
+  int ret = SSL_CTX_set_cipher_list(
+      ctx, "ALL:!RC4-MD5:!RC4-SHA:!ECDHE-ECDSA-RC4-SHA:!ECDHE-RSA-RC4-SHA");
+  if (0 != ret) LOGE("error disabling vulnerable ciphers");
   return ctx;
 }