Andrew Stitcher created PROTON-2009:

             Summary: OpenSSL API has changed and now deprecates 
SSL_OP_NO_TLSv* used with SSL_CTX_set_options
                 Key: PROTON-2009
             Project: Qpid Proton
          Issue Type: Bug
          Components: proton-c
    Affects Versions: proton-c-0.26.0
         Environment: Fedora 29, Python 2.7.15, OpenSSL 1.1.1 FIPS  11 Sep 2018
            Reporter: Chuck Rolke
            Assignee: Andrew Stitcher

There are several related issues:
 * OpenSSL 1.1.1 adds protocol version TLSv1_3. The current config interface 
has no way to enable or disable that version. This was predicted in PROTON-1670.
 * The OP_NO_TLSxxx options are deprecated.
 * The new way to specify TLS versions is through a min-version and max-version 
scheme. Proton offers no interface for that to client customers.
 * The ssl self test tests the customer interface nicely but does not test that 
the requested TLS versions used by the domain are enforced or not. 
Qpid-dispatch has a self test that exercises actual connections 
and it is failing with OpenSSL v1.1.1.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to