Posted to issues@activemq.apache.org by "Patrick Mealey (Jira)" <ji...@apache.org> on 2022/05/10 03:26:00 UTC

[jira] [Created] (AMQNET-768) default SSL context and protocols being set to TLS 1.0

Patrick Mealey created AMQNET-768:
-------------------------------------

             Summary: default SSL context and protocols being set to TLS 1.0
                 Key: AMQNET-768
                 URL: https://issues.apache.org/jira/browse/AMQNET-768
             Project: ActiveMQ .Net
          Issue Type: Bug
          Components: NMS, OpenWire
    Affects Versions: OpenWire-1.8.0
            Reporter: Patrick Mealey


The NMS openwire client is unable to connect to ActiveMQ brokers that do not support TLS 1.0 anymore.

If not set via the setter, the SslTransport class' GetAllowedProtocol method will return a default value for the SslProtocols enum. It is currently set to an enum value of "Default" which forces the use of TLS 1.0, which has known vulnerabilities and is often unavailable on the server side. Microsoft documentation has long recommended using an enum value of "None" as a default value, which allows the OS to determine the best protocol.

In addition to the current default value of GetAllowedProtocol() being undesirable, the SslContext class is explicitly initializing a ThreadStatic to TLS.  This should also be changed to "None" so that the OS chooses the best protocol.


--
This message was sent by Atlassian Jira
(v8.20.7#820007)
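
The default described in the report, as an added C# example (not code from the NMS project or from the reporter): an unset protocol option resolves to SslProtocols.None so the OS chooses, and an explicit value that enables SSL 3.0, TLS 1.0 or TLS 1.1 is flagged. The class name TlsProtocolCheck and the helpers Resolve and Probe are hypothetical; the optional host and port arguments are assumed to point at a broker you operate.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

#pragma warning disable CS0618, SYSLIB0039 // legacy enum members are referenced on purpose

static class TlsProtocolCheck
{
    // Protocol versions a client should no longer offer.
    const SslProtocols Legacy = SslProtocols.Ssl3 | SslProtocols.Tls | SslProtocols.Tls11;

    // Hypothetical helper: map an optional configured name to the enum given to SslStream.
    // An unset option yields SslProtocols.None, which leaves the choice to the OS.
    public static SslProtocols Resolve(string configured)
    {
        if (string.IsNullOrWhiteSpace(configured))
            return SslProtocols.None;
        var parsed = (SslProtocols)Enum.Parse(typeof(SslProtocols), configured, true);
        if ((parsed & Legacy) != 0)
            Console.Error.WriteLine(
                $"warning: '{configured}' enables legacy protocols: {parsed & Legacy}");
        return parsed;
    }

    // Hypothetical helper: connect and return the protocol that was actually negotiated.
    public static SslProtocols Probe(string host, int port, SslProtocols allowed)
    {
        using var tcp = new TcpClient(host, port);
        using var ssl = new SslStream(tcp.GetStream());
        ssl.AuthenticateAsClient(host, null, allowed, checkCertificateRevocation: true);
        return ssl.SslProtocol;
    }

    static void Main(string[] args)
    {
        // SslProtocols.Default is the flag combination Ssl3 | Tls.
        Console.WriteLine($"Default numeric value: {(int)SslProtocols.Default}");
        Console.WriteLine($"unset     -> {Resolve(null)}");
        Console.WriteLine($"\"Tls12\"   -> {Resolve("Tls12")}");
        Console.WriteLine($"\"Default\" -> {Resolve("Default")}");
        // Optional: TlsProtocolCheck <host> <port> reports what the OS default negotiates.
        if (args.Length == 2)
            Console.WriteLine($"negotiated: {Probe(args[0], int.Parse(args[1]), Resolve(null))}");
    }
}
```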