Fix supported TLS versions as TLS 1.3 support seems buggy.

diff --git a/config/config.exs b/config/config.exs
index a620e74517c8f52f350e192d7ac80b2b66d46ad5..e6a21104cf0fe6a59c9797f19fa40e19fb64c5d2 100644 (file)
--- a/config/config.exs
+++ b/config/config.exs
@@ -133,7 +133,14 @@ config :pleroma, :httpoison, Pleroma.HTTP
 config :tesla, adapter: Tesla.Adapter.Hackney
 
 # Configures http settings, upstream proxy etc.
-config :pleroma, :http, proxy_url: nil
+config :pleroma, :http,
+  proxy_url: nil,
+  adapter: [
+    ssl_options: [
+      # We don't support TLS v1.3 yet
+      versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"]
+    ]
+  ]
 
 config :pleroma, :instance,
   name: "Pleroma",

diff --git a/lib/pleroma/http/http.ex b/lib/pleroma/http/http.ex
index 75c58e6c9a07dce77d77389cd489ab338b15ba92..26214ef3feca94c4af8e12b2b07c832b0a3c0c7d 100644 (file)
--- a/lib/pleroma/http/http.ex
+++ b/lib/pleroma/http/http.ex
@@ -30,6 +30,7 @@ defmodule Pleroma.HTTP do
     options =
       process_request_options(options)
       |> process_sni_options(url)
+      |> process_adapter_options()
 
     params = Keyword.get(options, :params, [])
 
@@ -56,6 +57,12 @@ defmodule Pleroma.HTTP do
     end
   end
 
+  def process_adapter_options(options) do
+    adapter_options = Pleroma.Config.get([:http, :adapter], [])
+
+    options ++ [adapter: adapter_options]
+  end
+
   def process_request_options(options) do
     config = Application.get_env(:pleroma, :http, [])
     proxy = Keyword.get(config, :proxy_url, nil)