[THRIFT-3639] C# Thrift library forces TLS 1.0, thwarting TLS 1.2 usage - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.9.3
Fix Version/s: 0.10.0
Component/s: C# - Library
Labels:
None

Description

TTLSSocket.cs.setupTLS() uses SslProtocols.Tls, which forces TLS 1.0. I suspect this was originally done to prevent SSLv2 from working against a poorly configured server, but now prevents working against a TLS 1.2 server, thus decreasing security.

Since PCI-DSS requires removing anything less than TLS 1.2 by June, this is a critical issue for those of us working in that environment.

Thanks!

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Cott Lang

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 17/Feb/16 00:50

Updated:: 19/Feb/16 02:17

Resolved:: 18/Feb/16 16:11