[
https://issues.apache.org/jira/browse/PROTON-2021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16801018#comment-16801018
]
Andrew Stitcher edited comment on PROTON-2021 at 3/25/19 8:58 PM:
------------------------------------------------------------------
In order to maintain backward behaviour compatibility we will maintain the
ANONYMOUS peer verification of a client pn_ssl_domain_t created directly with
pn_ssl_domain(PN_SSL_MODE_CLIENT) for now, even though this is insecure.
However, we will set up the CA certificate store by default for both client and
server domains to be the system default trusted CA certificate store, as this
changes a previous error case into a secure case: before, setting the verify
mode for an SSL domain to verify the certificate or the peer name without
setting a trusted CA certificate store would cause an error. Setting a store
by default allows this error case to safely use the system default.
was (Author: astitcher):
In order to maintain backward behaviour compatibility we will maintain the
ANONYMOUS peer verification of a client pn_ssl_domain_t created directly with
pn_ssl_domain(PN_SSL_MODE_CLIENT) for now, even though this is secure.
However, we will set up the CA certificate store by default for both client and
server domains to be the system default trusted CA certificate store, as this
changes a previous error case into a secure case: before, setting the verify
mode for an SSL domain to verify the certificate or the peer name without
setting a trusted CA certificate store would cause an error. Setting a store
by default allows this error case to safely use the system default.
> [c] Make SSL/TLS usage more secure by default
> ---------------------------------------------
>
> Key: PROTON-2021
> URL: https://issues.apache.org/jira/browse/PROTON-2021
> Project: Qpid Proton
> Issue Type: Improvement
> Components: proton-c
> Reporter: Andrew Stitcher
> Assignee: Andrew Stitcher
> Priority: Major
>
> There are some aspects of using TLS with proton-c that are awkward and by
> default less secure than they could be.
> A good example of this is that it is tricky to set up to verify peer names
> against the system default CA certificate list, even though this is carefully
> set up under many (most?) modern OS distributions.
> Another example is that for a client on the internet verifying peer names is
> the only safe way to use TLS, but this is not the default.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)