  1. ActiveMQ .Net
  2. AMQNET-768

default SSL context and protocols being set to TLS 1.0


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • OpenWire-1.8.0
    • OpenWire-2.0.0
    • NMS, OpenWire
    • None

    Description

      The NMS openwire client is unable to connect to ActiveMQ brokers that do not support TLS 1.0 anymore.

      If not set via the setter, the SslTransport class' GetAllowedProtocol method will return a default value for the SslProtocols enum. It is currently set to an enum value of "Default", which forces the use of TLS 1.0, which has known vulnerabilities and is often unavailable on the server-side. Microsoft documentation has long recommended using an enum value of "None" as a default value, which allows the OS to determine the best protocol.

      In addition to the current default value of GetAllowedProtocol() being undesirable, the SslContext class is explicitly initializing a ThreadStatic to TLS.  This should also be changed to "None" so that the OS chooses the best protocol.
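      The effect of the fallback value described above, as an added example that is not ActiveMQ NMS code: it resolves a client's allowed protocols from an optional setting and reports whether the result pins legacy versions. The class name, the Resolve and Describe helpers and the sample settings are hypothetical; only the System.Security.Authentication.SslProtocols enum is the real .NET type.

```csharp
using System;
using System.Security.Authentication;

#pragma warning disable CS0618, SYSLIB0039 // legacy enum members are referenced on purpose

public static class SslProtocolAudit
{
    // Versions a client default should never pin.
    const SslProtocols Legacy =
        SslProtocols.Ssl2 | SslProtocols.Ssl3 | SslProtocols.Tls | SslProtocols.Tls11;

    // Hypothetical helper: use the configured value when one was set,
    // otherwise fall back to the supplied default.
    public static SslProtocols Resolve(string configured, SslProtocols fallback)
    {
        if (string.IsNullOrWhiteSpace(configured)) return fallback;
        return Enum.TryParse(configured, true, out SslProtocols parsed)
            ? parsed
            : throw new ArgumentException($"Unknown SslProtocols value: {configured}");
    }

    public static string Describe(SslProtocols p)
    {
        if (p == SslProtocols.None) return "OS default (the platform picks the protocol)";
        var legacy = p & Legacy;
        var modern = p & ~Legacy;
        if (legacy != 0 && modern == 0)
            return $"legacy only ({legacy}): cannot reach endpoints that accept only newer versions";
        if (legacy != 0) return $"allows legacy ({legacy}) alongside {modern}";
        return $"pinned to {p}";
    }

    public static void Main()
    {
        // Constructed inputs: an unset option with each fallback, then explicit settings.
        var cases = new (string Configured, SslProtocols Fallback)[] {
            (null, SslProtocols.Default),   // fallback the issue reports
            (null, SslProtocols.None),      // fallback the issue proposes
            ("Tls12", SslProtocols.None),
            ("Tls, Tls12", SslProtocols.None),
        };
        foreach (var (configured, fallback) in cases)
        {
            var resolved = Resolve(configured, fallback);
            Console.WriteLine(
                $"configured={configured ?? "<unset>"} fallback={fallback} -> {Describe(resolved)}");
        }
    }
}
```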

       

       

            People

              Unassigned Unassigned
              pat.mealey@thomsonreuters.com Patrick Mealey