Patrick Mealey created AMQNET-768:
-------------------------------------

             Summary: default SSL context and protocols being set to TLS 1.0
                 Key: AMQNET-768
                 URL: https://issues.apache.org/jira/browse/AMQNET-768
             Project: ActiveMQ .Net
          Issue Type: Bug
          Components: NMS, OpenWire
    Affects Versions: OpenWire-1.8.0
            Reporter: Patrick Mealey

The NMS openwire client is unable to connect to ActiveMQ brokers that do not support TLS 1.0 anymore.

If not set via the setter, the SslTransport class' GetAllowedProtocol method will return a default value for the SslProtocols enum. It is currently set to an enum value of "Default" which forces the use of TLS 1.0, which has known vulnerabilities and is often unavailable on the server-side. Microsoft documentation has long recommended using an enum value of "None" as a default value, which allows the OS to determine the best protocol.

In addition to the current default value of GetAllowedProtocol() being undesirable, the SslContext class is explicitly initializing a ThreadStatic to TLS. This should also be changed to "None" so that the OS chooses the best protocol.
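
An added illustration, not code from the issue or from the NMS client: a small C# program that resolves an unset protocol option against each fallback and lists the legacy protocol bits the result would offer. `TlsDefaults`, `Resolve` and `LegacyBits` are hypothetical names; only the `System.Security.Authentication.SslProtocols` enum is real API.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Authentication;

// Legacy enum members are referenced on purpose to inspect them.
#pragma warning disable CS0618, SYSLIB0039

static class TlsDefaults
{
    // Protocol versions a client should no longer offer.
    static readonly SslProtocols[] Legacy =
        { SslProtocols.Ssl2, SslProtocols.Ssl3, SslProtocols.Tls, SslProtocols.Tls11 };

    // Hypothetical helper: parse a configured value such as "Tls12" or
    // "Tls,Tls12"; an unset option resolves to the supplied fallback.
    public static SslProtocols Resolve(string configured, SslProtocols fallback)
    {
        if (string.IsNullOrWhiteSpace(configured))
            return fallback;
        if (!Enum.TryParse(configured, true, out SslProtocols parsed))
            throw new ArgumentException($"Unknown SslProtocols value: {configured}");
        return parsed;
    }

    // Names of the legacy versions enabled in a protocol mask.
    public static List<string> LegacyBits(SslProtocols mask)
    {
        var found = new List<string>();
        foreach (var flag in Legacy)
            if ((mask & flag) == flag)
                found.Add(flag.ToString());
        return found;
    }

    static void Report(string label, SslProtocols mask)
    {
        var legacy = LegacyBits(mask);
        string verdict = mask == SslProtocols.None ? "OS chooses the protocol"
            : legacy.Count > 0 ? "offers legacy: " + string.Join(", ", legacy)
            : "explicit, no legacy versions";
        Console.WriteLine($"{label,-26} {mask,-12} {verdict}");
    }

    static void Main()
    {
        Report("unset, fallback Default", Resolve("", SslProtocols.Default));
        Report("unset, fallback None", Resolve("", SslProtocols.None));
        Report("configured Tls12", Resolve("Tls12", SslProtocols.None));
        Report("configured Tls,Tls12", Resolve("Tls,Tls12", SslProtocols.None));
    }
}
```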