diff --git a/frameworks/js/napi/tls/src/tls_socket.cpp b/frameworks/js/napi/tls/src/tls_socket.cpp
index b6b14cc5d69cedc63087f7c500b39980eab4307e..ee2b0a5db13543994f9ffd844f2a3fcf398225e7 100644
--- a/frameworks/js/napi/tls/src/tls_socket.cpp
+++ b/frameworks/js/napi/tls/src/tls_socket.cpp
@@ -1731,11 +1731,14 @@ static void CacheCertificates(const std::string &hostName, SSL *ssl)
 }
 }
-static void LoadCachedCaCert(const std::string &hostName, SSL *ssl)
+static void SetSNIandLoadCachedCaCert(const std::string &hostName, SSL *ssl)
 {
 if (!ssl) {
 return;
 }
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ SSL_set_tlsext_host_name(ssl, hostName.c_str());
+#endif
 auto cachedPem = CaCertCache::GetInstance().Get(hostName);
 auto sslCtx = SSL_get_SSL_CTX(ssl);
 if (!sslCtx) {
@@ -1762,7 +1765,7 @@ bool TLSSocket::TLSSocketInternal::StartShakingHands(const TLSConnectOptions &op
 auto hostName = options.GetHostName();
 // indicates hostName is not ip address
 if (hostName != options.GetNetAddress().GetAddress()) {
- LoadCachedCaCert(hostName, ssl_);
+ SetSNIandLoadCachedCaCert(hostName, ssl_);
 }
 int result = SSL_connect(ssl_);
diff --git a/frameworks/native/tls_socket/src/tls_context.cpp b/frameworks/native/tls_socket/src/tls_context.cpp
index 8b78d24516792ce800619afe1c3b4a9a448ba6e8..e0623c501d233a377aaf3e51241cad38a0cb3471 100644
--- a/frameworks/native/tls_socket/src/tls_context.cpp
+++ b/frameworks/native/tls_socket/src/tls_context.cpp
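Review bot: The result of `SSL_set_tlsext_host_name(ssl, hostName.c_str())` in `SetSNIandLoadCachedCaCert` is discarded, so a rejected name (OpenSSL returns 0 for an empty or over-long host name) leaves the handshake running without SNI and nothing in the log explains why the server answered with its default certificate. Since the function is `void`, at least record the failure: `if (SSL_set_tlsext_host_name(ssl, hostName.c_str()) != 1) { NETSTACK_LOGE("set SNI failed"); }` (assuming the logging macro used in tls_context.cpp is also available in this file). A comment above the call should state that SNI only selects which certificate the server presents and that binding the certificate check to `hostName` is done elsewhere; that verification setup is not visible in this hunk. The function body continues past the end of the hunk.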
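Review bot: In `StartShakingHands`, the guard `hostName != options.GetNetAddress().GetAddress()` is a string inequality rather than an IP-literal test, and after this change it decides whether SNI is sent as well as whether cached CA certificates are loaded. An empty `hostName`, or an IP literal written differently from the address string, would pass the guard and be handed to `SSL_set_tlsext_host_name`; whether callers can produce such values is not visible here. Consider `if (!hostName.empty() && hostName != options.GetNetAddress().GetAddress()) {` and rewording the comment to `// hostName differs from the address string, so treat it as a DNS name (SNI + cached CA)`. The function starts before and ends after this hunk.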
@@ -56,7 +56,9 @@ bool TLSContext::SetCipherList(TLSContext *tlsContext, const TLSConfiguration &c
 return false;
 }
 NETSTACK_LOGD("GetCipherSuite = %{public}s", configuration.GetCipherSuite().c_str());
- if (SSL_CTX_set_cipher_list(tlsContext->ctx_, configuration.GetCipherSuite().c_str()) <= 0) {
+ int rc1 = SSL_CTX_set_cipher_list(tlsContext->ctx_, configuration.GetCipherSuite().c_str());
+ int rc2 = SSL_CTX_set_ciphersuites(tlsContext->ctx_, configuration.GetCipherSuite().c_str());
+ if (rc1 <= 0 && rc2 <= 0) {
 NETSTACK_LOGE("Error setting the cipher list");
 return false;
 }
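Review bot: `if (rc1 <= 0 && rc2 <= 0)` in `SetCipherList` reports success when only one of the two calls accepted the string, so the configured restriction may take effect for TLS 1.2 and below or for TLS 1.3 but not both, while the other family keeps its previous (typically default) suites with no log line saying so. The rejected call also leaves entries on the OpenSSL error queue, which a later `SSL_get_error()` on the same thread can pick up. I would evaluate `GetCipherSuite()` once, name the results by protocol family, log a partial application and clear the queue; the rewritten lines follow (`ERR_clear_error()` may need `<openssl/err.h>` if the file does not already include it). The function starts before this hunk.

```cpp
// … unchanged: null check and NETSTACK_LOGD of the configured suite …
const auto cipherSuite = configuration.GetCipherSuite();
const bool tls12Applied = SSL_CTX_set_cipher_list(tlsContext->ctx_, cipherSuite.c_str()) > 0;
const bool tls13Applied = SSL_CTX_set_ciphersuites(tlsContext->ctx_, cipherSuite.c_str()) > 0;
if (!tls12Applied || !tls13Applied) {
    // The family that rejected the string keeps its previous list; make that visible.
    NETSTACK_LOGD("cipher list applied: tls1.2=%{public}d tls1.3=%{public}d", tls12Applied, tls13Applied);
    // Do not leave the rejected call's errors queued for a later SSL_get_error().
    ERR_clear_error();
}
if (!tls12Applied && !tls13Applied) {
    NETSTACK_LOGE("Error setting the cipher list");
    return false;
}
```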