Posted to dev@qpid.apache.org by "Pavel Moravec (JIRA)" <ji...@apache.org> on 2015/12/30 15:09:49 UTC

[jira] [Created] (QPID-6966) C++ broker and client to support TLS1.1 and TLS1.2

Pavel Moravec created QPID-6966:
-----------------------------------

             Summary: C++ broker and client to support TLS1.1 and TLS1.2
                 Key: QPID-6966
                 URL: https://issues.apache.org/jira/browse/QPID-6966
             Project: Qpid
          Issue Type: Bug
          Components: C++ Broker, C++ Client
    Affects Versions: qpid-cpp-0.34
            Reporter: Pavel Moravec
            Assignee: Pavel Moravec


Description of problem:
Currently, neither the C++ client nor the broker allows the TLS1.1 or TLS1.2 protocol versions. Please enable them, esp. since Java client 6.1 will disable TLS1.0 and use 1.1 and 1.2 only.


Version-Release number of selected component (if applicable):
qpid-cpp-server-0.34-5.el6.x86_64
qpid-cpp-client-0.34-5.el6.x86_64


How reproducible:
100%


Steps to Reproduce:
1. Start qpid broker with SSL configured
2. openssl s_client -tls1_1 -connect localhost:5671
3. openssl s_client -tls1_2 -connect localhost:5671


Actual results:
Both 2 and 3 fail with:

{noformat}
139817551390536:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
{noformat}


Expected results:
Both should return something like:

{noformat}
CONNECTED(00000003)
depth=0 CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost
verify return:1
140319888385864:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
140319888385864:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
Certificate chain
 0 s:/CN=localhost
   i:/CN=localhost
---
Server certificate
subject=/CN=localhost
issuer=/CN=localhost
---
Acceptable client certificate CA names
/CN=dummy
---
SSL handshake has read 565 bytes and written 202 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-GCM-SHA256
    Session-ID: 7D6C1CB53B37700F2BF007D0D079AB72F26A9D289BCA8D98B5B3F1E283311991
    Session-ID-ctx: 
    Master-Key: 448215BEAADBFF90B82B421D182F8AD7174426D9292835775C405A7C3AEC2763E5F2A1127E5AE210ADC6B7335EE1F6FA
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1451483784
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
{noformat}

Additional info:



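The reproduction steps in the report can be turned into a repeatable per-version check. The shell functions below are an added example, not part of the original report or of the Qpid project; the names `classify_s_client` and `probe_tls` are hypothetical, and the handling of `alert protocol version` and `Cipher is (NONE)` output generalizes beyond the single error line quoted in the report.

```shell
#!/bin/sh
# Added example (not from the report): classify `openssl s_client` transcripts
# so the TLS versions a broker accepts can be checked after a configuration change.

# classify_s_client: read an s_client transcript on stdin and print one of
#   accepted:<protocol>  a session was negotiated ("Protocol  : <protocol>")
#   rejected:version     the peer refused or could not parse that protocol version
#   rejected:other       no usable session, for some other reason
classify_s_client() {
    awk '
        # Session block line, e.g. "    Protocol  : TLSv1.2"
        $1 == "Protocol" && $2 == ":"     { proto = $3 }
        # s_client prints this when no cipher was negotiated (failed handshake)
        index($0, "Cipher is (NONE)") > 0 { none = 1 }
        # Error from the report, plus the alert a peer may send instead
        /wrong version number/ || /alert protocol version/ { badver = 1 }
        END {
            if (badver)                    print "rejected:version"
            else if (proto != "" && !none) print "accepted:" proto
            else                           print "rejected:other"
        }'
}

# probe_tls HOST:PORT: repeat the report's s_client steps for each version flag.
# Usage (needs a running broker): probe_tls localhost:5671
probe_tls() {
    target=$1
    for flag in -tls1 -tls1_1 -tls1_2; do
        result=$(openssl s_client "$flag" -connect "$target" </dev/null 2>&1 |
                 classify_s_client)
        printf '%-8s %s\n' "$flag" "$result"
    done
}

# The error line quoted in the report, run through the classifier offline.
# Prints: rejected:version
printf '%s\n' \
  '139817551390536:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:' |
  classify_s_client
```

A later non-version error, such as the `bad certificate` alert in the expected output, still classifies as accepted because the session block shows a negotiated protocol.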