Uploaded image for project: 'Qpid Proton'
  1. Qpid Proton
  2. PROTON-2009

OpenSSL API has changed and now deprecates SSL_OP_NO_TLSv* used with SSL_CTX_set_options

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: proton-c-0.26.0
    • Fix Version/s: None
    • Component/s: proton-c
    • Labels:
      None
    • Environment:
      Fedora 29, OpenSSL 1.1.1 FIPS 11 Sep 2018

      Description

      The OpenSSL SSL_OP_NO_TLSvxxx options are deprecated for use in SSL_CTX_set_options().

      As of OpenSSL 1.1 way to specify TLS versions is through a min-version and max-version scheme - this is more code future proof.

      You can specify a minimum version and 0 for the maximum meaning the latest version.

      Proton's interface to this allows more than can be specified using the min/max API as you can specify each protocol individually.

      The proton code is also not future proof in that it "knows" about each TLS protocol individually in the code.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                astitcher Andrew Stitcher
                Reporter:
                chug Charles E. Rolke
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: