Qpid / QPID-4013

Windows Broker SSL is more difficult to use than necessary and possibly less secure than possible

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 0.14, 0.16, 0.17
    • Fix Version/s: 0.17
    • Component/s: C++ Broker
    • Labels: None
    • Environment: Windows

      Description

      The current Windows Broker SSL code always uses the LocalMachine certificate store opened read/write. This has a number of drawbacks:

      • Opening read/write means that the broker has to run as administrator to use the certificates in the store. The broker only reads from the store so this is actually unnecessary.
      • Forcing use of LocalMachine for the certificates means that they are readable by every user on the machine, which might be a security issue, as it would allow any process on the machine to impersonate the qpid broker.

          People

          • Assignee: Andrew Stitcher
          • Reporter: Andrew Stitcher