Posted to dev@qpid.apache.org by "Pavel Moravec (JIRA)" <ji...@apache.org> on 2016/01/05 13:59:39 UTC

[jira] [Updated] (QPID-6966) C++ broker and client to support TLS1.1 and TLS1.2 by default

     [ https://issues.apache.org/jira/browse/QPID-6966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pavel Moravec updated QPID-6966:
--------------------------------
    Summary: C++ broker and client to support TLS1.1 and TLS1.2 by default  (was: C++ broker and client to support TLS1.1 and TLS1.2)

> C++ broker and client to support TLS1.1 and TLS1.2 by default
> -------------------------------------------------------------
>
>                 Key: QPID-6966
>                 URL: https://issues.apache.org/jira/browse/QPID-6966
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker, C++ Client
>    Affects Versions: qpid-cpp-0.34
>            Reporter: Pavel Moravec
>            Assignee: Pavel Moravec
>
> Description of problem:
> Currently, neither the C++ client nor the broker allows TLS1.1 or TLS1.2 protocol versions. Please enable them, esp. since Java client 6.1 will disable TLS1.0 and use 1.1 and 1.2 only.
> Version-Release number of selected component (if applicable):
> qpid-cpp-server-0.34-5.el6.x86_64
> qpid-cpp-client-0.34-5.el6.x86_64
> How reproducible:
> 100%
> Steps to Reproduce:
> 1. Start qpid broker with SSL configured
> 2. openssl s_client -tls1_1 -connect localhost:5671
> 3. openssl s_client -tls1_2 -connect localhost:5671
> Actual results:
> Both 2 and 3 fail with:
> {noformat}
> 139817551390536:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
> {noformat}
> Expected results:
> Both should return something like:
> {noformat}
> CONNECTED(00000003)
> depth=0 CN = localhost
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 CN = localhost
> verify return:1
> 140319888385864:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 140319888385864:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
> ---
> Certificate chain
>  0 s:/CN=localhost
>    i:/CN=localhost
> ---
> Server certificate
> subject=/CN=localhost
> issuer=/CN=localhost
> ---
> Acceptable client certificate CA names
> /CN=dummy
> ---
> SSL handshake has read 565 bytes and written 202 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : AES128-GCM-SHA256
>     Session-ID: 7D6C1CB53B37700F2BF007D0D079AB72F26A9D289BCA8D98B5B3F1E283311991
>     Session-ID-ctx: 
>     Master-Key: 448215BEAADBFF90B82B421D182F8AD7174426D9292835775C405A7C3AEC2763E5F2A1127E5AE210ADC6B7335EE1F6FA
>     Key-Arg   : None
>     Krb5 Principal: None
>     PSK identity: None
>     PSK identity hint: None
>     Start Time: 1451483784
>     Timeout   : 7200 (sec)
>     Verify return code: 18 (self signed certificate)
> ---
> {noformat}
> Additional info:
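
The reproduction steps above, scripted as a regression check. This is an added example, not code from the reporter or the Qpid project. It classifies `openssl s_client` output by the cipher in the session block, so a version counts as accepted even when a client-certificate alert follows, as in the expected results. The function names and trimmed sample outputs are constructed; the rejected sample assumes the `Cipher : 0000` session block that s_client prints after a failed handshake.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output read on stdin.
# Prints "negotiated <protocol> <cipher>" or "rejected <reason>".
classify_s_client() {
  awk '
    /wrong version number/              { reason = "wrong-version-number" }
    /handshake failure/ && reason == "" { reason = "handshake-failure" }
    /^ *Protocol *:/                    { proto = $NF }
    /^ *Cipher *:/                      { cipher = $NF }
    END {
      # A failed handshake still prints an SSL-Session block carrying the
      # requested protocol with cipher 0000, so the cipher decides.
      if (proto != "" && cipher != "" && cipher != "0000" && cipher != "(NONE)")
        print "negotiated", proto, cipher
      else
        print "rejected", (reason == "" ? "unknown" : reason)
    }'
}

# Probe one protocol flag from the report against host:port.
probe() {
  openssl s_client "$2" -connect "$1" </dev/null 2>&1 | classify_s_client
}

# Usage: check_broker localhost:5671
check_broker() {
  for flag in -tls1_1 -tls1_2; do
    printf '%s: %s\n' "$flag" "$(probe "$1" "$flag")"
  done
}

# Constructed, trimmed sample outputs (error lines taken from the report).
sample_rejected() { cat <<'EOF'
CONNECTED(00000003)
139817551390536:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : 0000
EOF
}
sample_accepted() { cat <<'EOF'
CONNECTED(00000003)
140319888385864:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-GCM-SHA256
EOF
}
```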
