[ https://issues.apache.org/jira/browse/QPID-6966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pavel Moravec updated QPID-6966:
--------------------------------
Summary: C++ broker and client to support TLS1.1 and TLS1.2 by default (was: C++ broker and client to support TLS1.1 and TLS1.2)

> C++ broker and client to support TLS1.1 and TLS1.2 by default
> -------------------------------------------------------------
>
> Key: QPID-6966
> URL: https://issues.apache.org/jira/browse/QPID-6966
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker, C++ Client
> Affects Versions: qpid-cpp-0.34
> Reporter: Pavel Moravec
> Assignee: Pavel Moravec
>
> Description of problem:
> Currently, neither C++ client nor broker allows TLS1.1 or TLS1.2 protocol
> versions. Please enable it, esp. since Java client 6.1 will disable TLS1.0
> and use 1.1 and 1.2 only.
> Version-Release number of selected component (if applicable):
> qpid-cpp-server-0.34-5.el6.x86_64
> qpid-cpp-client-0.34-5.el6.x86_64
> How reproducible:
> 100%
> Steps to Reproduce:
> 1. Start qpid broker with SSL configured
> 2. openssl s_client -tls1_1 -connect localhost:5671
> 3. openssl s_client -tls1_2 -connect localhost:5671
> Actual results:
> Both 2 and 3 fail with:
> {noformat}
> 139817551390536:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
> number:s3_pkt.c:337:
> {noformat}
> Expected results:
> Both should return something like:
> {noformat}
> CONNECTED(00000003)
> depth=0 CN = localhost
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 CN = localhost
> verify return:1
> 140319888385864:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> certificate:s3_pkt.c:1256:SSL alert number 42
> 140319888385864:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
> failure:s3_pkt.c:596:
> ---
> Certificate chain
> 0 s:/CN=localhost
> i:/CN=localhost
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIIBoDCCAQmgAwIBAgIFAKUDcMswDQYJKoZIhvcNAQEFBQAwFDESMBAGA1UEAxMJ
> bG9jYWxob3N0MB4XDTE1MTIzMDExMDYwN1oXDTE2MDMzMDExMDYwN1owFDESMBAG
> A1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgCq6w
> o6FW7gIpAQu8y74wuREH6aGo6hc6YVfATz503o7dxqmUUKs6+DkqbEiDu43r51QL
> Sb7oduLMmrvC5TfhWEZGe3PYPOuCBbpqDxXs5kKlqSCuIbvDv1ua1WXdqb27/jGr
> d6Lf+DsnU+GXrGwLY1W1zchagmFU1P2dLh8JhQIDAQABMA0GCSqGSIb3DQEBBQUA
> A4GBACUauXrJB/P0za8mPj5As4uQ3kr7CHIAtFBEAd3MvVmf9RHniMU/resXeE1B
> CBOZ4kXmTvVQ+/kDxYTXO/pLq0wh4HHuZC4LrmlIHG2WagEskVnYgqJiHUchKi+8
> URu/CX4rW6/EdcAHhPsKX6nlHFFKYg5u9b9ZtQHYMrfryStZ
> -----END CERTIFICATE-----
> subject=/CN=localhost
> issuer=/CN=localhost
> ---
> Acceptable client certificate CA names
> /CN=dummy
> ---
> SSL handshake has read 565 bytes and written 202 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
> Protocol : TLSv1.2
> Cipher : AES128-GCM-SHA256
> Session-ID:
> 7D6C1CB53B37700F2BF007D0D079AB72F26A9D289BCA8D98B5B3F1E283311991
> Session-ID-ctx:
> Master-Key:
> 448215BEAADBFF90B82B421D182F8AD7174426D9292835775C405A7C3AEC2763E5F2A1127E5AE210ADC6B7335EE1F6FA
> Key-Arg : None
> Krb5 Principal: None
> PSK identity: None
> PSK identity hint: None
> Start Time: 1451483784
> Timeout : 7200 (sec)
> Verify return code: 18 (self signed certificate)
> ---
> {noformat}
> Additional info:

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
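
The check from steps 2 and 3 of the report, scripted so that the result can be compared before and after a broker upgrade. This is an added example, not part of the original message or of Qpid; the function names classify_transcript and probe are hypothetical, and the sample line is constructed from the error quoted in the report.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` transcripts per TLS version.

# classify_transcript reads one s_client transcript on stdin and prints:
#   refused                      the peer rejected the protocol version
#                                (the "wrong version number" error in the report)
#   negotiated <proto> <cipher>  a session with a real cipher was set up, even
#                                if the handshake later failed on certificates
#   unknown                      neither pattern seen (for example, no listener)
classify_transcript() {
    awk '
        /wrong version number/ { refused = 1 }
        /^ *Protocol *:/       { proto = $NF }
        /^ *Cipher *:/         { cipher = $NF }
        END {
            if (refused) { print "refused"; exit }
            # Assumption: a handshake that never agreed on a cipher is
            # reported by openssl as "0000" or "(NONE)".
            if (proto != "" && cipher != "" && cipher != "0000" && cipher != "(NONE)") {
                print "negotiated", proto, cipher
                exit
            }
            print "unknown"
        }'
}

# probe HOST:PORT runs both protocol flags from the report against a live
# listener and prints one classified result per flag.
probe() {
    for flag in -tls1_1 -tls1_2; do
        result=$(openssl s_client "$flag" -connect "$1" </dev/null 2>&1 |
                 classify_transcript)
        printf '%s %s\n' "$flag" "$result"
    done
}

# Constructed sample: the error line from the report, unwrapped onto one line.
SAMPLE_REFUSED='139817551390536:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:'
printf '%s\n' "$SAMPLE_REFUSED" | classify_transcript
```

Against the broker in the report, `probe localhost:5671` would print one line per flag. A `negotiated` result still needs the certificate errors in the transcript read separately, since the expected output above negotiates TLSv1.2 and then fails on the client certificate.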