[ 
https://issues.apache.org/jira/browse/PROTON-1989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16775366#comment-16775366
 ] 

Andrew Stitcher commented on PROTON-1989:
-----------------------------------------

I don't think it is helpful to bundle these issues into one JIRA. It seems to 
me that the proximate issue is the dispatch test failure. Which is related to 
the addition of TLS 1.3.

Possible future proofing of the code and the Openssl API deprecation are 
different (though releated) issues.

I'm going to split the issues

> TLS Configuration does not support TLSv1_3 in OpenSSL v1.1.1
> ------------------------------------------------------------
>
>                 Key: PROTON-1989
>                 URL: https://issues.apache.org/jira/browse/PROTON-1989
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>    Affects Versions: proton-c-0.26.0
>         Environment: Fedora 29, Python 2.7.15, OpenSSL 1.1.1 FIPS  11 Sep 2018
>            Reporter: Chuck Rolke
>            Assignee: Andrew Stitcher
>            Priority: Major
>
> There are several related issues:
>  * OpenSSL 1.1.1 adds protocol version TLSv1_3. The current config interface 
> has no way to enable or disable that version. This was predicted in 
> PROTON-1670.
>  * The OP_NO_TLSxxx options are deprecated.
>  * The new way to specify TLS versions is through a min-version and 
> max-version scheme. Proton offers no interface for that to client customers.
>  * The ssl self test tests the customer interface nicely but does not test 
> that the requested TLS versions used by the domain are enforced or not. 
> Qpid-dispatch has a self test that exercises actual connections 
> [https://github.com/apache/qpid-dispatch/blob/master/tests/system_tests_ssl.py]
>  and it is failing with OpenSSL v1.1.1.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to