From 025d2c2dad2786eda40f2367cdd727a36b8249df Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Thu, 21 Jul 2022 15:37:07 +0800
Subject: [PATCH 02/21] use only TLS v1.2 or later

Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
 src/utils/http/http.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/utils/http/http.c b/src/utils/http/http.c
index edd05f92..20131660 100644
--- a/src/utils/http/http.c
+++ b/src/utils/http/http.c
@@ -449,6 +449,13 @@ int http_request(const char *url, struct http_get_options *options, long *respon
     curl_easy_setopt(curl_handle, CURLOPT_SUPPRESS_CONNECT_HEADERS, 1L);
 #endif
 
+    /* libcurl support option CURL_SSLVERSION_TLSv1_2 when version >= 7.34.0
+     * #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z))
+     * CURL_VERSION_BITS(7,34,0) = 0x072200 */
+#if (LIBCURL_VERSION_NUM >= 0x072200)
+    curl_easy_setopt(curl_handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
+#endif
+
     ret = http_custom_options(curl_handle, options);
     if (ret) {
         goto out;
-- 
2.25.1