Uploaded image for project: 'Qpid Proton'
  1. Qpid Proton
  2. PROTON-1989

TLS Configuration does not support TLSv1_3 in OpenSSL v1.1.1

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • proton-c-0.26.0, proton-c-0.27.0
    • proton-c-0.27.1
    • proton-c
    • None
    • Fedora 29, Python 2.7.15, OpenSSL 1.1.1 FIPS 11 Sep 2018

    Description

      OpenSSL 1.1.1 adds protocol version TLSv1_3. The current config interface has no way to enable or disable that version. This was predicted in PROTON-1670.

      The ssl self test tests the customer interface nicely but does not test that the requested TLS versions used by the domain are enforced or not. Qpid-dispatch has a self test that exercises actual connections https://github.com/apache/qpid-dispatch/blob/master/tests/system_tests_ssl.py and it is failing with OpenSSL v1.1.1.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem which impairs or prevents the functions of the product. PROTON-2009 OpenSSL API has changed and now deprecates SSL_OP_NO_TLSv* used with SSL_CTX_set_options

          • Major - Major loss of function.
          • Open

          Activity

            People

              astitcher Andrew Stitcher
              chug Charles E. Rolke
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: