4 files changed, 61 insertions, 20 deletions

diff --git a/cpp/include/IceSSL/Plugin.h b/cpp/include/IceSSL/Plugin.h
index 82143cb4ac9..9b8b63737f2 100644
--- a/cpp/include/IceSSL/Plugin.h
+++ b/cpp/include/IceSSL/Plugin.h
@@ -576,6 +576,9 @@ class ICESSL_API Plugin : public Ice::Plugin
 public:
 
     virtual ~Plugin();
+    
+    virtual std::string getEngineName() const = 0;
+    virtual Ice::Long getEngineVersion() const = 0;
 
     //
     // Establish the certificate verifier object. This should be done
diff --git a/cpp/src/IceSSL/PluginI.cpp b/cpp/src/IceSSL/PluginI.cpp
index f4caa30fba0..1e9234c5bf5 100755
--- a/cpp/src/IceSSL/PluginI.cpp
+++ b/cpp/src/IceSSL/PluginI.cpp
@@ -133,6 +133,32 @@ IceSSL::PluginI::destroy()
     _engine = 0;
 }
 
+string
+IceSSL::PluginI::getEngineName() const
+{
+#if defined(ICE_USE_SECURE_TRANSPORT)
+    return "SecureTransportEngine";
+#elif defined(ICE_USE_SCHANNEL)
+    return "SChannelEngine";
+#elif defined(ICE_OS_UWP)
+    return "UWPEngine";
+#else
+    ostringstream os;
+    os << "OpenSSLEngine@" << SSLeay_version(SSLEAY_VERSION);
+    return os.str();
+#endif
+}
+
+Ice::Long
+IceSSL::PluginI::getEngineVersion() const
+{
+#if defined(ICE_USE_OPENSSL)
+    return SSLeay();
+#else
+    return 0;
+#endif
+}
+
 #ifdef ICE_CPP11_MAPPING
 void
 IceSSL::PluginI::setCertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)> verifier)
diff --git a/cpp/src/IceSSL/PluginI.h b/cpp/src/IceSSL/PluginI.h
index e896f52cc5a..8cc3045859d 100644
--- a/cpp/src/IceSSL/PluginI.h
+++ b/cpp/src/IceSSL/PluginI.h
@@ -28,6 +28,8 @@ public:
     //
     virtual void initialize();
     virtual void destroy();
+    virtual std::string getEngineName() const;
+    virtual Ice::Long getEngineVersion() const;
 
     //
     // From IceSSL::Plugin.
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp
index 735db704c75..812e27643d8 100644
--- a/cpp/test/IceSSL/configuration/AllTests.cpp
+++ b/cpp/test/IceSSL/configuration/AllTests.cpp
@@ -9,9 +9,6 @@
 
 #include <Ice/Ice.h>
 #include <IceSSL/Plugin.h>
-#if ICE_USE_OPENSSL
-#  include <openssl/ssl.h> // Required for OPENSSL_VERSION_NUMBER
-#endif
 #include <TestCommon.h>
 #include <Test.h>
 #include <fstream>
@@ -43,17 +40,6 @@ using namespace Windows::Security::Cryptography::Certificates;
 using namespace std;
 using namespace Ice;
 
-#ifdef ICE_USE_OPENSSL
-//
-// With OpenSSL 1.1.0 we need to set SECLEVEL=0 to allow ADH ciphers
-//
-#  if OPENSSL_VERSION_NUMBER >= 0x10100000L
-const string anonCiphers = "ADH:@SECLEVEL=0";
-#  else
-const string anonCiphers = "ADH";
-#  endif
-#endif
-
 void
 readFile(const string& file, vector<char>& buffer)
 {
@@ -717,6 +703,29 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12)
 #else
     string sep = ":";
 #endif
+    
+    string engineName;
+    Ice::Long engineVersion;
+    {
+        //
+        // Get the IceSSL engine name and version
+        //
+        InitializationData initData;
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
+        CommunicatorPtr comm = initialize(initData);
+        IceSSL::PluginPtr plugin = ICE_DYNAMIC_CAST(IceSSL::Plugin, comm->getPluginManager()->getPlugin("IceSSL"));
+        test(plugin);
+        engineName = plugin->getEngineName();
+        engineVersion = plugin->getEngineVersion();
+        comm->destroy();
+    }
+    
+#ifdef ICE_USE_OPENSSL
+    //
+    // Parse OpenSSL version from engineName "OpenSSLEngine@OpenSSL 1.0.2g  1 Mar 2016"
+    //
+    const string anonCiphers = engineVersion >= 0x10100000L ? "ADH:@SECLEVEL=0" : "ADH";
+#endif
 
     IceSSL::NativeConnectionInfoPtr info;
 
@@ -1719,13 +1728,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12)
         catch(const LocalException& ex)
         {
             //
-            // OpenSSL < 1.0 doesn't support tls 1.1 so it will also fail, we ignore in this
-            // case.
+            // OpenSSL < 1.0 doesn't support tls 1.1 so it will fail, we ignore the error in this case.
             //
-#    if defined(ICE_USE_SCHANNEL) || (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10000000L)
-            cerr << ex << endl;
-            test(false);
-#    endif
+            if((engineName.find("OpenSSLEngine") != string::npos && engineVersion < 0x10000000L) ||
+                engineName.find("OpenSSLEngine") == string::npos)
+            {
+                cerr << ex << endl;
+                test(false);
+            }
         }
         fact->destroyServer(server);
         comm->destroy();