-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26773/
-----------------------------------------------------------
Review request for qpid and Rafael Schloming.
Bugs: PROTON-716
https://issues.apache.org/jira/browse/PROTON-716
Repository: qpid
Description
-------
Server-mode SSL connections allow clients using SSL version v3+. v3 is not
secure, and should be rejected.
Diffs
-----
proton/trunk/proton-c/src/ssl/openssl.c 1632098
Diff: https://reviews.apache.org/r/26773/diff/
Testing
-------
Verified SSL traffic via wireshark. Tested clients attempting to connect with
SSLv3 - the SSL negotiation fails with "bad version" error.
Thanks,
Kenneth Giusti
