[
https://issues.apache.org/jira/browse/QPID-8354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934273#comment-16934273
]
ASF GitHub Bot commented on QPID-8354:
--------------------------------------
alex-rufous commented on issue #37: QPID-8354 Blacklist TLSv1.1
URL: https://github.com/apache/qpid-broker-j/pull/37#issuecomment-533495226
Tomas,
The suggested changes look good to me.
Though, I would add a positive test for TLSv1.3 in order to be consistent
with the rest of the test code. The challenge here is to identify the Java version
in order to add assumption checks to the tests. I would go with a very
simplistic approach, for example, try to load any new class which was
introduced in Java 11. Here is the code for my suggestion:
```
private boolean isJava11OrAbove()
{
    try
    {
        // introduced in Java 11
        Class.forName("java.net.http.HttpClient");
        return true;
    }
    catch (ClassNotFoundException e)
    {
        return false;
    }
}
```
Using the above, you can write tests as illustrated below:
```
@Test
public void testTLSv1_3SupportOnSSLOnlyPort() throws Exception
{
    assumeThat("Java 11 or above is required", isJava11OrAbove(), is(true));
    checkSSLExcluded("TLSv1.3", Transport.SSL);
}
```
Also, as you started to refactor the test code, I would like to suggest
renaming the test method `#checkSSLExcluded` to `checkHandshakeWithTlsProtocol`. I
think it would be a better name, which would tell exactly what the method
does.
> [Broker-J][JMS AMQP 0-x] Blacklist TLSv1.1
> -----------------------------------------
>
> Key: QPID-8354
> URL: https://issues.apache.org/jira/browse/QPID-8354
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J, JMS AMQP 0-x
> Reporter: Alex Rudyy
> Priority: Major
> Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.5
>
>
> TLSv1.1 is allowed by default for establishing TLS connectivity in both
> Qpid Broker-J and the legacy JMS client for AMQP 0-x. TLS 1.0 is already
> blacklisted in both products. We can consider restricting allowed TLS
> protocols to TLSv1.2 and TLSv1.3 by default. TLSv1.2 can be used with
> JDK8-10 and TLSv1.3 can be used with JDK 11 and above.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
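
The protocol restriction described in the issue above, as an added Java example (not code from the pull request or from Qpid Broker-J): it intersects an allow list of TLSv1.2 and TLSv1.3 with the protocols the running JVM reports as supported, and pins an `SSLEngine` to the result. The class name `TlsProtocolFilter` and its method are hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class TlsProtocolFilter
{
    // Assumed allow list, taken from the issue text: only TLSv1.2 and TLSv1.3
    private static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    /** Returns the allowed protocols that this JVM's TLS provider supports. */
    static String[] usableProtocols(SSLContext context)
    {
        List<String> supported =
                Arrays.asList(context.getSupportedSSLParameters().getProtocols());
        List<String> usable = new ArrayList<>();
        for (String protocol : ALLOWED)
        {
            if (supported.contains(protocol))
            {
                usable.add(protocol);
            }
        }
        if (usable.isEmpty())
        {
            // Fail closed instead of falling back to TLSv1.1 or older
            throw new IllegalStateException("JVM supports none of " + ALLOWED);
        }
        return usable.toArray(new String[0]);
    }

    public static void main(String[] args) throws GeneralSecurityException
    {
        SSLContext context = SSLContext.getDefault();
        String[] usable = usableProtocols(context);

        // Pin the engine to the filtered list so older protocols cannot be negotiated
        SSLEngine engine = context.createSSLEngine();
        engine.setEnabledProtocols(usable);

        System.out.println("Enabled: " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("TLSv1.3 available: " + Arrays.asList(usable).contains("TLSv1.3"));
    }
}
```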