> On Oct. 17, 2014, 1:10 p.m., Chug Rolke wrote: > > Compiles 2008/x86 and 2013/x64 but untested to see if it actually denies > > connection as claimed.
Hey Chuck - do you have access to a fedora/rhel system? If so, there's a command line tool called "openssl" that you can use to check whether the broker will accept or deny an ssl connection. It's in the openssl rpm package. To check, stand up the qpidd broker on windows configured for ssl. Then on you rhel box, run the openssl 's_client' sub command. Something like this: openssl s_client -connect <qpid host>:<ssl port> -ssl3 That should result in an error message being issued by the qpidd broker. The openssl s_client command will then dump some status, and the "crypto something or other" field should be zeros. If you then try: openssl s_client -connect <qpid host>:<ssl port> -tls1 You'll see the output will dump some strange hex numbers for session crypto etc, which indicates the negotiation was successful. More importantly, the connection to qpidd will succeed, but then time out with a 'no protocol received' error. I'd do this, but happly I've been 100% windows free for a long time, and I'm not about to willingly be tossed of that particular wagon. - Kenneth ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/26865/#review57131 ----------------------------------------------------------- On Oct. 17, 2014, 7:26 a.m., Cliff Jansen wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/26865/ > ----------------------------------------------------------- > > (Updated Oct. 17, 2014, 7:26 a.m.) > > > Review request for qpid, Chug Rolke and Kenneth Giusti. > > > Bugs: PROTON-719 > https://issues.apache.org/jira/browse/PROTON-719 > > > Repository: qpid > > > Description > ------- > > Do not allow ssl v3 Proton connections even if user has set registry entries > forcing SChannel to request/accept ssl v3. > > > Diffs > ----- > > > http://svn.apache.org/repos/asf/qpid/proton/trunk/proton-c/src/windows/schannel.c > 1632478 > > Diff: https://reviews.apache.org/r/26865/diff/ > > > Testing > ------- > > Windoww XP -> Windows 8.1 > 32/64 bit > VS2008->VS2013 > > VS2008 failed first attempt for fix > > > Thanks, > > Cliff Jansen > >
