[ https://issues.apache.org/jira/browse/PROTON-1989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Stitcher reassigned PROTON-1989: --------------------------------------- Assignee: Andrew Stitcher > TLS Configuration does not support TLSv1_3 in OpenSSL v1.1.1 > ------------------------------------------------------------ > > Key: PROTON-1989 > URL: https://issues.apache.org/jira/browse/PROTON-1989 > Project: Qpid Proton > Issue Type: Bug > Components: proton-c > Affects Versions: proton-c-0.26.0 > Environment: Fedora 29, Python 2.7.15, OpenSSL 1.1.1 FIPS 11 Sep 2018 > Reporter: Chuck Rolke > Assignee: Andrew Stitcher > Priority: Major > > There are several related issues: > * OpenSSL 1.1.1 adds protocol version TLSv1_3. The current config interface > has no way to enable or disable that version. This was predicted in > PROTON-1670. > * The OP_NO_TLSxxx options are deprecated. > * The new way to specify TLS versions is through a min-version and > max-version scheme. Proton offers no interface for that to client customers. > * The ssl self test tests the customer interface nicely but does not test > that the requested TLS versions used by the domain are enforced or not. > Qpid-dispatch has a self test that exercises actual connections > [https://github.com/apache/qpid-dispatch/blob/master/tests/system_tests_ssl.py] > and it is failing with OpenSSL v1.1.1. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org