Posted to dev@qpid.apache.org by "Chuck Rolke (JIRA)" <ji...@apache.org> on 2019/01/11 15:10:00 UTC

[jira] [Created] (PROTON-1989) TLS Configuration does not support TLSv1_3 in OpenSSL v1.1.1

Chuck Rolke created PROTON-1989:
-----------------------------------

             Summary: TLS Configuration does not support TLSv1_3 in OpenSSL v1.1.1
                 Key: PROTON-1989
                 URL: https://issues.apache.org/jira/browse/PROTON-1989
             Project: Qpid Proton
          Issue Type: Bug
          Components: proton-c
    Affects Versions: proton-c-0.26.0
         Environment: Fedora 29, Python 2.7.15, OpenSSL 1.1.1 FIPS  11 Sep 2018
            Reporter: Chuck Rolke


There are several related issues:
 * OpenSSL 1.1.1 adds protocol version TLSv1_3. The current config interface has no way to enable or disable that version. This was predicted in PROTON-1670.
 * The OP_NO_TLSxxx options are deprecated.
 * The new way to specify TLS versions is through a min-version and max-version scheme. Proton offers no interface for that to client customers.
 * The ssl self test tests the customer interface nicely but does not test whether the requested TLS versions used by the domain are enforced. Qpid-dispatch has a self test that exercises actual connections [https://github.com/apache/qpid-dispatch/blob/master/tests/system_tests_ssl.py] and it is failing with OpenSSL v1.1.1.



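The min-version/max-version scheme described in the report, as an added example that is not part of the original message or of Proton's code. It uses Python's ssl module; the space-separated allow-list format and the function names are assumptions made for illustration. Lists with a gap are rejected because a min/max range cannot express them.

```python
import ssl

# Protocol names accepted by this example (assumed spelling), oldest first.
_ORDER = [
    ("TLSv1", ssl.TLSVersion.TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3),
]


def version_range(allowed):
    """Turn an allow-list such as "TLSv1.2 TLSv1.3" into (min, max).

    Per-version OP_NO_TLSxxx flags could disable a version in the middle;
    a range cannot, so a gap is an error instead of being silently widened.
    """
    names = [name for name, _ in _ORDER]
    wanted = set(allowed.split())
    if not wanted:
        raise ValueError("no protocol versions requested")
    unknown = wanted - set(names)
    if unknown:
        raise ValueError("unknown protocol(s): " + ", ".join(sorted(unknown)))
    idx = sorted(names.index(name) for name in wanted)
    if idx != list(range(idx[0], idx[-1] + 1)):
        raise ValueError("allow-list has a gap; not expressible as min/max")
    return _ORDER[idx[0]][1], _ORDER[idx[-1]][1]


def make_client_context(allowed):
    """Build a client context limited to the requested version range."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version, ctx.maximum_version = version_range(allowed)
    return ctx


def enforced_range(ctx):
    """Read back the range the context will actually offer or accept."""
    return ctx.minimum_version, ctx.maximum_version
```

Reading the range back from the context checks the configuration only; confirming that a peer outside the range is refused still needs a real connection test like the qpid-dispatch one linked in the report.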