Fix enforce TLS version

aws · Sep 8, 2023 · c859aa7 · c859aa7
1 parent acc3e9b
commit c859aa7
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 8 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -80,10 +80,10 @@ if (LEGACY_BUILD)
     if (DISABLE_INTERNAL_IMDSV1_CALLS)
         add_definitions(-DDISABLE_IMDSV1)
     endif ()
-    if (USE_TLS_V2)
+    if (USE_TLS_V1_2)
         add_definitions(-DENFORCE_TLS_V1_2)
     endif ()
-    if (USE_TLS_V3)
+    if (USE_TLS_V1_3)
         add_definitions(-DENFORCE_TLS_V1_3)
     endif ()
 

diff --git a/src/aws-cpp-sdk-core/source/http/curl/CurlHttpClient.cpp b/src/aws-cpp-sdk-core/source/http/curl/CurlHttpClient.cpp
@@ -699,17 +699,13 @@ std::shared_ptr<HttpResponse> CurlHttpClient::MakeRequest(const std::shared_ptr<
             curl_easy_setopt(connectionHandle, CURLOPT_SSL_VERIFYPEER, 1L);
             curl_easy_setopt(connectionHandle, CURLOPT_SSL_VERIFYHOST, 2L);
 
-#if LIBCURL_VERSION_MAJOR >= 7
-#if LIBCURL_VERSION_MINOR >= 34
-#if defined(ENFORCE_TLS_V1_3)
+#if defined(ENFORCE_TLS_V1_3) && LIBCURL_VERSION_NUM >= 0x073400 // 7.52.0
             curl_easy_setopt(connectionHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3);
-#elif defined(ENFORCE_TLS_V1_2)
+#elif defined(ENFORCE_TLS_V1_2) && LIBCURL_VERSION_NUM >= 0x072200 // 7.34.0
             curl_easy_setopt(connectionHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
 #else
             curl_easy_setopt(connectionHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
 #endif
-#endif //LIBCURL_VERSION_MINOR
-#endif //LIBCURL_VERSION_MAJOR
         }
         else
         {