[
https://issues.apache.org/jira/browse/PROTON-1670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16247769#comment-16247769
]
Andrew Stitcher commented on PROTON-1670:
-----------------------------------------
A separate issue is what to do if/how to prevent disabling *all* the TLS
protocols:
* Could just do it and not be able to communicate.
* Could just return an error - and ignore the setting? Ignoring might be worse
as then all the protocols are allowed
* Could ignore the flag for the latest protocol (1.2 currently) so that
communication isn't stopped.
* Don't supply a way to disable the latest (1.2 currently) version -- assuming
it must be the most secure.
Maybe a better way to deal with this is to make the API a positive API telling
which protocols to use rather than which ones to disable. This will avoid the
whole problem.
> Configurable TLS versions
> -------------------------
>
> Key: PROTON-1670
> URL: https://issues.apache.org/jira/browse/PROTON-1670
> Project: Qpid Proton
> Issue Type: New Feature
> Components: proton-c
> Affects Versions: proton-c-0.17.0
> Reporter: Justin Ross
> Assignee: Andrew Stitcher
> Labels: api, tls
> Fix For: proton-c-0.19.0
>
>
> This link has examples of what httpd and nignx offer:
> https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
