fix(NetSSL): Incorrect setting of ciphersuites for TLSv1.3 #4610

NetSSL_OpenSSL/include/Poco/Net/Context.h

@@ -191,6 +191,15 @@ public:
 		std::string cipherList;
 			/// Specifies the supported ciphers in OpenSSL notation.
 			/// Defaults to "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
+			/// Note: The cipher list only applies for TLS 1.2 and 
+			/// earlier versions. To configure TLS 1.3 cipher suites, 
+			/// please use the cipherSuites member variable.
+
+		std::string cipherSuites;
+			/// Specifies the supported TLS 1.3 cipher suites.
+			/// If left empty, the OpenSSL default cipher suites
+			/// are used. Please refer to the OpenSSL documentation
+			/// for available cipher suite names.
 
 		std::string dhParamsFile;
 			/// Specifies a file containing Diffie-Hellman parameters.

NetSSL_OpenSSL/src/Context.cpp

@@ -189,11 +189,14 @@ void Context::init(const Params& params)
 		else
 			SSL_CTX_set_verify(_pSSLContext, params.verificationMode, &SSLManager::verifyClientCallback);
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		SSL_CTX_set_ciphersuites(_pSSLContext, params.cipherList.c_str());
-#else
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+		if (!params.cipherSuites.empty())
+		{
+			SSL_CTX_set_ciphersuites(_pSSLContext, params.cipherSuites.c_str());
+		}
+#endif
 		SSL_CTX_set_cipher_list(_pSSLContext, params.cipherList.c_str());
-#endif // OPENSSL_VERSION_NUMBER >= 0x30000000L
+
 		SSL_CTX_set_verify_depth(_pSSLContext, params.verificationDepth);
 		SSL_CTX_set_mode(_pSSLContext, SSL_MODE_AUTO_RETRY);
 		SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF);