Uploaded image for project: 'Qpid Proton'
  1. Qpid Proton
  2. PROTON-2009

OpenSSL API has changed and now deprecates SSL_OP_NO_TLSv* used with SSL_CTX_set_options

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • proton-c-0.26.0
    • None
    • proton-c
    • Fedora 29, OpenSSL 1.1.1 FIPS 11 Sep 2018

    Description

      The OpenSSL SSL_OP_NO_TLSvxxx options are deprecated for use in SSL_CTX_set_options().

      As of OpenSSL 1.1 way to specify TLS versions is through a min-version and max-version scheme - this is more code future proof.

      You can specify a minimum version and 0 for the maximum meaning the latest version.

      Proton's interface to this allows more than can be specified using the min/max API as you can specify each protocol individually.

      The proton code is also not future proof in that it "knows" about each TLS protocol individually in the code.

      Attachments

        Issue Links

          is a clone of

          Bug - A problem which impairs or prevents the functions of the product. PROTON-1989 TLS Configuration does not support TLSv1_3 in OpenSSL v1.1.1

          • Major - Major loss of function.
          • Closed

          Activity

            People

              astitcher Andrew Stitcher
              chug Charles E. Rolke
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: