Andrew Stitcher created PROTON-2009:
---------------------------------------
Summary: OpenSSL API has changed and now deprecates
SSL_OP_NO_TLSv* used with SSL_CTX_set_options
Key: PROTON-2009
URL: https://issues.apache.org/jira/browse/PROTON-2009
Project: Qpid Proton
Issue Type: Bug
Components: proton-c
Affects Versions: proton-c-0.26.0
Environment: Fedora 29, Python 2.7.15, OpenSSL 1.1.1 FIPS 11 Sep 2018
Reporter: Chuck Rolke
Assignee: Andrew Stitcher
There are several related issues:
* OpenSSL 1.1.1 adds protocol version TLSv1_3. The current config interface
has no way to enable or disable that version. This was predicted in PROTON-1670.
* The OP_NO_TLSxxx options are deprecated.
* The new way to specify TLS versions is through a min-version and max-version
scheme. Proton offers no interface for that to client customers.
* The ssl self test tests the customer interface nicely but does not test
whether the requested TLS versions used by the domain are enforced.
Qpid-dispatch has a self test that exercises actual connections
[https://github.com/apache/qpid-dispatch/blob/master/tests/system_tests_ssl.py]
and it is failing with OpenSSL v1.1.1.
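The move from OP_NO_TLSv* flags to a min-version/max-version pair, as an added example that is not Proton or qpid-dispatch code. It uses Python's standard ssl module, which exposes both OpenSSL mechanisms, and goes slightly beyond the report by rejecting masks that leave a hole, since a min/max pair can only describe a contiguous range. The names options_to_range and apply_range are hypothetical.

```python
import ssl

# Legacy "switch this version off" flags, oldest protocol first, each paired
# with the TLSVersion it disables.
LEGACY_FLAGS = [
    (ssl.OP_NO_TLSv1, ssl.TLSVersion.TLSv1),
    (ssl.OP_NO_TLSv1_1, ssl.TLSVersion.TLSv1_1),
    (ssl.OP_NO_TLSv1_2, ssl.TLSVersion.TLSv1_2),
    (ssl.OP_NO_TLSv1_3, ssl.TLSVersion.TLSv1_3),
]


def options_to_range(options):
    """Translate an OP_NO_TLSv* bitmask into a (minimum, maximum) pair.

    Raises ValueError when the mask cannot be written as one contiguous
    range, which is the only shape the min/max scheme can express.
    """
    kept = [i for i, (flag, _) in enumerate(LEGACY_FLAGS) if not options & flag]
    if not kept:
        raise ValueError("mask disables every TLS version")
    if kept != list(range(kept[0], kept[-1] + 1)):
        raise ValueError("mask leaves a hole between enabled versions")
    return LEGACY_FLAGS[kept[0]][1], LEGACY_FLAGS[kept[-1]][1]


def apply_range(ctx, minimum, maximum):
    """Set the version bounds on ctx and read them back to confirm them."""
    ctx.minimum_version = minimum
    ctx.maximum_version = maximum
    if (ctx.minimum_version, ctx.maximum_version) != (minimum, maximum):
        raise RuntimeError("context did not accept the requested TLS range")
    return ctx


if __name__ == "__main__":
    # Constructed legacy mask: only TLS 1.2 and TLS 1.3 stay enabled.
    mask = ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
    lo, hi = options_to_range(mask)
    ctx = apply_range(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT), lo, hi)
    print(ctx.minimum_version.name, ctx.maximum_version.name)
```

Reading the bounds back only confirms what the context was configured with; checking that a peer is actually refused outside the range still needs a real handshake, as the qpid-dispatch system test does.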