[
https://issues.apache.org/jira/browse/AMQNET-768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Krzysztof Porębski updated AMQNET-768:
--------------------------------------
Affects Version/s: OpenWire-2.0.0
> default SSL context and protocols being set to TLS 1.0
> ------------------------------------------------------
>
> Key: AMQNET-768
> URL: https://issues.apache.org/jira/browse/AMQNET-768
> Project: ActiveMQ .Net
> Issue Type: Bug
> Components: NMS, OpenWire
> Affects Versions: OpenWire-1.8.0, OpenWire-2.0.0
> Reporter: Patrick Mealey
> Priority: Major
>
> The NMS openwire client is unable to connect to ActiveMQ brokers that do not
> support TLS 1.0 anymore.
> If not set via the setter, the SslTransport class' GetAllowedProtocol method
> will return a default value for the SslProtocols enum. It is currently set
> to an enum value of "Default" which forces the use of TLS 1.0 --which has
> known vulnerabilities and is often unavailable on the server-side. Microsoft
> documentation has long recommended using an enum value of "None" as a default
> value, which allows the OS to determine the best protocol.
> In addition to the current default value of GetAllowedProtocol() being
> undesirable, the SslContext class is explicitly initializing a ThreadStatic
> to TLS. This should also be changed to "None" so that the OS chooses the
> best protocol.
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
