Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-3639

C# Thrift library forces TLS 1.0, thwarting TLS 1.2 usage

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.9.3
    • Fix Version/s: 0.10.0
    • Component/s: C# - Library
    • Labels:
      None

      Description

      TTLSSocket.cs.setupTLS() uses SslProtocols.Tls, which forces TLS 1.0. I suspect this was originally done to prevent SSLv2 from working against a poorly configured server, but now prevents working against a TLS 1.2 server, thus decreasing security.

      Since PCI-DSS requires removing anything less than TLS 1.2 by June, this is a critical issue for those of us working in that environment.

      Thanks!

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              cott@internetstaff.com Cott Lang
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: