Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
proton-c-0.26.0, proton-c-0.27.0
-
None
-
Fedora 29, Python 2.7.15, OpenSSL 1.1.1 FIPS 11 Sep 2018
Description
OpenSSL 1.1.1 adds protocol version TLSv1_3. The current config interface has no way to enable or disable that version. This was predicted in PROTON-1670.
The ssl self test tests the customer interface nicely but does not test that the requested TLS versions used by the domain are enforced or not. Qpid-dispatch has a self test that exercises actual connections https://github.com/apache/qpid-dispatch/blob/master/tests/system_tests_ssl.py and it is failing with OpenSSL v1.1.1.
Attachments
Issue Links
- is cloned by
-
PROTON-2009 OpenSSL API has changed and now deprecates SSL_OP_NO_TLSv* used with SSL_CTX_set_options
- Open