Uploaded image for project: 'Qpid Proton'
  1. Qpid Proton
  2. PROTON-2021

[c] Make SSL/TLS usage more secure by default

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • proton-c-0.28.0
    • proton-c
    • None

    Description

      There are some aspects of using TLS with proton-c that are awkward and by default less secure than they could be.

      A good example of this is that it is tricky to set up to verify peer names against the system default ca certificate list. Even though this is carefully set up under many (most?) modern OS distributions.

      Another example is that for a client on the internet verifying peer names is the only safe way to use TLS, but this is not the default.

      Attachments

        Issue Links

          Activity

            People

              astitcher Andrew Stitcher
              astitcher Andrew Stitcher
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: