Patrick Mealey created AMQNET-768:
-------------------------------------
Summary: default SSL context and protocols being set to TLS 1.0
Key: AMQNET-768
URL: https://issues.apache.org/jira/browse/AMQNET-768
Project: ActiveMQ .Net
Issue Type: Bug
Components: NMS, OpenWire
Affects Versions: OpenWire-1.8.0
Reporter: Patrick Mealey

The NMS openwire client is unable to connect to ActiveMQ brokers that do not
support TLS 1.0 anymore.

If not set via the setter, the SslTransport class' GetAllowedProtocol method
will return a default value for the SslProtocols enum. It is currently set to
an enum value of "Default" which forces the use of TLS 1.0, which has known
vulnerabilities and is often unavailable on the server-side. Microsoft
documentation has long recommended using an enum value of "None" as a default
value, which allows the OS to determine the best protocol.

In addition to the current default value of GetAllowedProtocol() being
undesirable, the SslContext class is explicitly initializing a ThreadStatic to
TLS. This should also be changed to "None" so that the OS chooses the best
protocol.
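
The defaulting behaviour requested above, as an added example that is not part of the original report and is not the NMS client's own code: an unset protocol resolves to SslProtocols.None (OS decides), and any explicitly configured value is checked for legacy bits. ProtocolPolicy, Resolve and LegacyBits are hypothetical names; the sample inputs are constructed. In .NET, SslProtocols.Default is defined as Ssl3 | Tls, which is why it is reported as legacy here.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Authentication;

// Legacy enum members are referenced on purpose, so silence the obsolete warnings.
#pragma warning disable CS0618, SYSLIB0039

public static class ProtocolPolicy
{
    // Protocol versions that should never be enabled implicitly.
    static readonly SslProtocols[] Legacy =
        { SslProtocols.Ssl2, SslProtocols.Ssl3, SslProtocols.Tls, SslProtocols.Tls11 };

    // Hypothetical helper: map an optional configured string to the enum.
    // Nothing configured means SslProtocols.None, i.e. the OS picks the protocol.
    public static SslProtocols Resolve(string configured)
    {
        if (string.IsNullOrWhiteSpace(configured))
            return SslProtocols.None;
        if (!Enum.TryParse(configured, true, out SslProtocols parsed))
            throw new ArgumentException("Unknown SslProtocols value: " + configured);
        return parsed;
    }

    // Returns the individual legacy versions enabled by a given value.
    public static List<SslProtocols> LegacyBits(SslProtocols value)
    {
        var found = new List<SslProtocols>();
        foreach (var flag in Legacy)
            if ((value & flag) == flag)
                found.Add(flag);
        return found;
    }

    public static void Main()
    {
        // Constructed sample settings: unset, the old default, a pinned
        // modern version, and a mixed list.
        foreach (var configured in new[] { null, "Default", "Tls12", "Tls, Tls12" })
        {
            SslProtocols resolved = Resolve(configured);
            List<SslProtocols> legacy = LegacyBits(resolved);
            Console.WriteLine("{0,-12} -> {1,-12} legacy: {2}",
                configured ?? "(unset)", resolved,
                legacy.Count == 0 ? "none" : string.Join(" | ", legacy));
        }
    }
}
```

The resolved value is what would be passed as the enabledSslProtocols argument of SslStream.AuthenticateAsClient; after the handshake, SslStream.SslProtocol reports the version that was actually negotiated.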