Details
Bug
Status: Closed
Major
Resolution: Fixed
qpid-cpp-0.34
None
Description
Description of problem:
Currently, neither the C++ client nor the broker allows the TLS1.1 or TLS1.2 protocol versions. Please enable them, esp. since Java client 6.1 will disable TLS1.0 and use 1.1 and 1.2 only.
Version-Release number of selected component (if applicable):
qpid-cpp-server-0.34-5.el6.x86_64
qpid-cpp-client-0.34-5.el6.x86_64
How reproducible:
100%
Steps to Reproduce:
1. Start qpid broker with SSL configured
2. openssl s_client -tls1_1 -connect localhost:5671
3. openssl s_client -tls1_2 -connect localhost:5671
Actual results:
Both 2 and 3 fail with:
139817551390536:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
Expected results:
Both should return something like:
CONNECTED(00000003)
depth=0 CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost
verify return:1
140319888385864:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
140319888385864:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
Certificate chain
 0 s:/CN=localhost
   i:/CN=localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBoDCCAQmgAwIBAgIFAKUDcMswDQYJKoZIhvcNAQEFBQAwFDESMBAGA1UEAxMJ
bG9jYWxob3N0MB4XDTE1MTIzMDExMDYwN1oXDTE2MDMzMDExMDYwN1owFDESMBAG
A1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgCq6w
o6FW7gIpAQu8y74wuREH6aGo6hc6YVfATz503o7dxqmUUKs6+DkqbEiDu43r51QL
Sb7oduLMmrvC5TfhWEZGe3PYPOuCBbpqDxXs5kKlqSCuIbvDv1ua1WXdqb27/jGr
d6Lf+DsnU+GXrGwLY1W1zchagmFU1P2dLh8JhQIDAQABMA0GCSqGSIb3DQEBBQUA
A4GBACUauXrJB/P0za8mPj5As4uQ3kr7CHIAtFBEAd3MvVmf9RHniMU/resXeE1B
CBOZ4kXmTvVQ+/kDxYTXO/pLq0wh4HHuZC4LrmlIHG2WagEskVnYgqJiHUchKi+8
URu/CX4rW6/EdcAHhPsKX6nlHFFKYg5u9b9ZtQHYMrfryStZ
-----END CERTIFICATE-----
subject=/CN=localhost
issuer=/CN=localhost
---
Acceptable client certificate CA names
/CN=dummy
---
SSL handshake has read 565 bytes and written 202 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : AES128-GCM-SHA256
    Session-ID: 7D6C1CB53B37700F2BF007D0D079AB72F26A9D289BCA8D98B5B3F1E283311991
    Session-ID-ctx:
    Master-Key: 448215BEAADBFF90B82B421D182F8AD7174426D9292835775C405A7C3AEC2763E5F2A1127E5AE210ADC6B7335EE1F6FA
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1451483784
    Timeout : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
Additional info:
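
The following is an added example, not part of the original report or of the Qpid project's code: a Python helper that runs the two s_client commands from the reproduction steps and tells a rejected protocol version apart from a handshake that agreed on the version and then failed on the certificate, as in the expected output. The names classify and probe are hypothetical, and the third sample is constructed to show why the "Protocol" line alone is not a reliable signal.

```python
import re
import subprocess
import sys

# s_client flags exactly as used in the report's reproduction steps.
VERSION_FLAGS = {"TLSv1.1": "-tls1_1", "TLSv1.2": "-tls1_2"}

def classify(output):
    """Classify `openssl s_client` output for one forced protocol version."""
    if "wrong version number" in output:
        return "version-rejected"      # the failure quoted under "Actual results"
    cipher = re.search(r"Cipher is (\S+)", output)
    if cipher and cipher.group(1) != "(NONE)":
        # A cipher was agreed, so the server accepted the offered version.
        if "alert bad certificate" in output:
            return "version-accepted, bad-certificate alert"
        return "version-accepted"
    return "inconclusive"              # e.g. refused connection, no handshake

def probe(host, port, timeout=10):
    """Run the report's s_client commands and classify each result."""
    results = {}
    for name, flag in VERSION_FLAGS.items():
        try:
            proc = subprocess.run(
                ["openssl", "s_client", flag, "-connect", f"{host}:{port}"],
                stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT, text=True, timeout=timeout)
            results[name] = classify(proc.stdout)
        except subprocess.TimeoutExpired:
            results[name] = "inconclusive"
    return results

# Samples: the first two reuse lines from the report; the third is constructed.
REJECTED = "139817551390536:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:\n"
ACCEPTED = (
    "CONNECTED(00000003)\n"
    "140319888385864:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42\n"
    "New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256\n"
    "    Protocol  : TLSv1.2\n")
NO_HANDSHAKE = "CONNECTED(00000003)\nNew, (NONE), Cipher is (NONE)\n    Protocol  : TLSv1.2\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:             # e.g. localhost 5671, as in the report
        print(probe(sys.argv[1], int(sys.argv[2])))
    else:
        for sample in (REJECTED, ACCEPTED, NO_HANDSHAKE):
            print(classify(sample))
```

Run with a host and port to probe a broker, or with no arguments to classify the embedded samples.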