----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/26829/#review57310 -----------------------------------------------------------
Ship it! Looks fine to me, though I am no expert on NSS. One thing just to note, is that when the SSL port and the plain TCP pport are the same, there is a different codepath used that includes some version checking (see isSslStream() in qpid/sys/ssl/SslSocket.cpp). That may be in addition to NSS checks, rather than instead of, so may not require any further fixes. - Gordon Sim On Oct. 16, 2014, 9:50 p.m., Kenneth Giusti wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/26829/ > ----------------------------------------------------------- > > (Updated Oct. 16, 2014, 9:50 p.m.) > > > Review request for qpid and Gordon Sim. > > > Bugs: qpid-6160 > https://issues.apache.org/jira/browse/qpid-6160 > > > Repository: qpid > > > Description > ------- > > Sets the minimum protocol level for SSL to TLSv1.0 > > > Diffs > ----- > > trunk/qpid/cpp/src/qpid/sys/ssl/util.cpp 1632383 > > Diff: https://reviews.apache.org/r/26829/diff/ > > > Testing > ------- > > Used openssl to test for rejection, confirmed with wireshark traces. > > > Thanks, > > Kenneth Giusti > >