Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- OpenWire-1.8.0
- None
Description
The NMS OpenWire client is unable to connect to ActiveMQ brokers that no longer support TLS 1.0.
If not set via the setter, the SslTransport class' GetAllowedProtocol method will return a default value for the SslProtocols enum. It is currently set to an enum value of "Default", which forces the use of TLS 1.0, which has known vulnerabilities and is often unavailable on the server side. Microsoft documentation has long recommended using an enum value of "None" as a default value, which allows the OS to determine the best protocol.
In addition to the current default value of GetAllowedProtocol() being undesirable, the SslContext class is explicitly initializing a ThreadStatic to TLS. This should also be changed to "None" so that the OS chooses the best protocol.
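The defaulting behaviour requested above, as an added sketch that is not the NMS SslTransport or SslContext code: an unset value resolves to SslProtocols.None so the OS negotiates, and, going one step beyond the report, an explicit value is accepted only if it names TLS 1.2 or 1.3. The names TlsProtocolPolicy, Resolve and Connect are hypothetical, and a runtime that defines SslProtocols.Tls13 is assumed.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

// Hypothetical helper for illustration; not part of Apache.NMS.
static class TlsProtocolPolicy
{
    // Versions a caller may pin explicitly (assumption of this example).
    const SslProtocols Modern = SslProtocols.Tls12 | SslProtocols.Tls13;

    // Unset -> None (OS chooses). Set -> parsed, and must stay within Modern.
    public static SslProtocols Resolve(string configured)
    {
        if (string.IsNullOrWhiteSpace(configured))
            return SslProtocols.None;

        if (!Enum.TryParse(configured, ignoreCase: true, out SslProtocols requested))
            throw new ArgumentException($"Unknown SslProtocols value: {configured}");

        // "Default" parses to Ssl3 | Tls, so it is caught by this mask check.
        if (requested != SslProtocols.None && (requested & ~Modern) != 0)
            throw new ArgumentException($"Legacy protocol requested: {requested & ~Modern}");

        return requested;
    }
}

static class Demo
{
    // Hands the resolved value to SslStream; host and port come from the caller.
    static SslStream Connect(string host, int port, string configured)
    {
        var tcp = new TcpClient(host, port);
        var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false);
        ssl.AuthenticateAsClient(host, null, TlsProtocolPolicy.Resolve(configured),
                                 checkCertificateRevocation: true);
        return ssl;
    }

    static void Main()
    {
        // Constructed sample settings: unset, pinned modern values, legacy values.
        foreach (var value in new[] { null, "Tls12", "Tls12, Tls13", "Default", "Tls" })
        {
            try { Console.WriteLine($"{value ?? "<unset>"} -> {TlsProtocolPolicy.Resolve(value)}"); }
            catch (ArgumentException e) { Console.WriteLine($"{value} -> rejected: {e.Message}"); }
        }
    }
}
```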