[ https://issues.apache.org/jira/browse/PROTON-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Stitcher updated PROTON-2009: ------------------------------------ Description: The OpenSSL SSL_OP_NO_TLSvxxx options are deprecated for use in SSL_CTX_set_options(). As of OpenSSL 1.1 way to specify TLS versions is through a min-version and max-version scheme - this is more code future proof. You can specify a minimum version and 0 for the maximum meaning the latest version. Proton's interface to this allows more than can be specified using the min/max API as you can specify each protocol individually. The proton code is also not future proof in that it "knows" about each TLS protocol individually in the code. was: The SSL_OP_NO_TLSxxx options are deprecated. The new way to specify TLS versions is through a min-version and max-version scheme - this is more code future proof. You can specify a minimum version and 0 for the maximum meaning the latest version. Proton's interface to this allows more than can be specified using the min/max API as you can specify each protocol individually. The proton code is also not future proof in that it "knows" about each TLS protocol individually in the code. > OpenSSL API has changed and now deprecates SSL_OP_NO_TLSv* used with > SSL_CTX_set_options > ---------------------------------------------------------------------------------------- > > Key: PROTON-2009 > URL: https://issues.apache.org/jira/browse/PROTON-2009 > Project: Qpid Proton > Issue Type: Bug > Components: proton-c > Affects Versions: proton-c-0.26.0 > Environment: Fedora 29, OpenSSL 1.1.1 FIPS 11 Sep 2018 > Reporter: Chuck Rolke > Assignee: Andrew Stitcher > Priority: Major > > The OpenSSL SSL_OP_NO_TLSvxxx options are deprecated for use in > SSL_CTX_set_options(). > As of OpenSSL 1.1 way to specify TLS versions is through a min-version and > max-version scheme - this is more code future proof. > You can specify a minimum version and 0 for the maximum meaning the latest > version. > Proton's interface to this allows more than can be specified using the > min/max API as you can specify each protocol individually. > The proton code is also not future proof in that it "knows" about each TLS > protocol individually in the code. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org