From 0ba1f04bbc62645d4128a10841643e958860d655 Mon Sep 17 00:00:00 2001
From: Fred Hebert <mononcqc@ferd.ca>
Date: Thu, 27 Feb 2020 13:20:51 -0500
Subject: [PATCH] Merge pull request #2240 from tsloughter/force-tls1.2

force use of tls1.2 for http fetching to work on OTP-23-rc1
---
 bootstrap                 |  2 +-
 src/r3_hex_http_httpc.erl | 11 +++++++----
 src/rebar_utils.erl       |  4 ++--
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/bootstrap b/bootstrap
index 15bfa933..b513e8eb 100755
--- a/bootstrap
+++ b/bootstrap
@@ -108,7 +108,7 @@ extract(Binary) ->
     {ok, Contents}.
 
 request(Url) ->
-    HttpOptions = [{relaxed, true} | get_proxy_auth()],
+    HttpOptions = [{ssl, [{versions, ['tlsv1.2']}]}, {relaxed, true} | get_proxy_auth()],
 
     case httpc:request(get, {Url, []},
                        HttpOptions,
diff --git a/src/r3_hex_http_httpc.erl b/src/r3_hex_http_httpc.erl
index 6de822ab..f7cbafca 100644
--- a/src/r3_hex_http_httpc.erl
+++ b/src/r3_hex_http_httpc.erl
@@ -13,10 +13,13 @@
 request(Method, URI, ReqHeaders, Body, AdapterConfig) ->
     Profile = maps:get(profile, AdapterConfig, default),
     Request = build_request(URI, ReqHeaders, Body),
-    {ok, {{_, StatusCode, _}, RespHeaders, RespBody}} =
-        httpc:request(Method, Request, [], [{body_format, binary}], Profile),
-    RespHeaders2 = load_headers(RespHeaders),
-    {ok, {StatusCode, RespHeaders2, RespBody}}.
+    case httpc:request(Method, Request, [{ssl, rebar_utils:ssl_opts(URI)}],
+                       [{body_format, binary}], Profile) of
+        {ok, {{_, StatusCode, _}, RespHeaders, RespBody}} ->
+            RespHeaders2 = load_headers(RespHeaders),
+            {ok, {StatusCode, RespHeaders2, RespBody}};
+        {error, Reason} -> {error, Reason}
+    end.
 
 %%====================================================================
 %% Internal functions
diff --git a/src/rebar_utils.erl b/src/rebar_utils.erl
index b9a8e64c..169f9098 100644
--- a/src/rebar_utils.erl
+++ b/src/rebar_utils.erl
@@ -1010,9 +1010,9 @@ is_list_of_strings(List) when is_list(List) ->
 ssl_opts(Url) ->
     case get_ssl_config() of
         ssl_verify_enabled ->
-            ssl_opts(ssl_verify_enabled, Url);
+            [{versions, ['tlsv1.2']} | ssl_opts(ssl_verify_enabled, Url)];
         ssl_verify_disabled ->
-            [{verify, verify_none}]
+            [{versions, ['tlsv1.2']}, {verify, verify_none}]
     end.
 
 %%------------------------------------------------------------------------------