[jira] [Commented] (PROTON-2021) [c] Make SSL/TLS usage more secure by default
[ https://issues.apache.org/jira/browse/PROTON-2021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16921526#comment-16921526 ] Jiri Daněk commented on PROTON-2021: The fix in DISPATCH-401 may need to be updated in regards to this. Users of qdmanage/qdstat may want to put a CA certificate into system location and then have connections validated using that CA certificate. > [c] Make SSL/TLS usage more secure by default > - > > Key: PROTON-2021 > URL: https://issues.apache.org/jira/browse/PROTON-2021 > Project: Qpid Proton > Issue Type: Improvement > Components: proton-c >Reporter: Andrew Stitcher >Assignee: Andrew Stitcher >Priority: Major > Fix For: proton-c-0.28.0 > > > There are some aspects of using TLS with proton-c that are awkward and by > default less secure than they could be. > A good example of this is that it is tricky to set up to verify peer names > against the system default ca certificate list. Even though this is carefully > set up under many (most?) modern OS distributions. > Another example is that for a client on the internet verifying peer names is > the only safe way to use TLS, but this is not the default. -- This message was sent by Atlassian Jira (v8.3.2#803003) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (PROTON-2021) [c] Make SSL/TLS usage more secure by default
[ https://issues.apache.org/jira/browse/PROTON-2021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16801055#comment-16801055 ] ASF subversion and git services commented on PROTON-2021: - Commit 63025898d33bebc7677518c2c103e2f87dc0ea9e in qpid-proton's branch refs/heads/master from Andrew Stitcher [ https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=6302589 ] PROTON-2021: [c] Improve TLS default security - Default ssl to use system certificates unless overridden with pn_ssl_domain_set_trusted_ca_db() - Change pn_ssl_init() so that NULL domain gives a sensible default > [c] Make SSL/TLS usage more secure by default > - > > Key: PROTON-2021 > URL: https://issues.apache.org/jira/browse/PROTON-2021 > Project: Qpid Proton > Issue Type: Improvement > Components: proton-c >Reporter: Andrew Stitcher >Assignee: Andrew Stitcher >Priority: Major > > There are some aspects of using TLS with proton-c that are awkward and by > default less secure than they could be. > A good example of this is that it is tricky to set up to verify peer names > against the system default ca certificate list. Even though this is carefully > set up under many (most?) modern OS distributions. > Another example is that for a client on the internet verifying peer names is > the only safe way to use TLS, but this is not the default. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (PROTON-2021) [c] Make SSL/TLS usage more secure by default
[ https://issues.apache.org/jira/browse/PROTON-2021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16801057#comment-16801057 ] ASF subversion and git services commented on PROTON-2021: - Commit a58c282dfae85789747b3777d5c20be615d8e70d in qpid-proton's branch refs/heads/master from Andrew Stitcher [ https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=a58c282 ] PROTON-2021: [c] Update ssl-send example to use simpler pn_ssl_init() - Also fixed message-id to ulong as required by AMQP 1.0 std - For back compatibility with previous use of send-ssl: -- With no user/passwd allow insecure anonymous connections -- Otherwise use secure default with SASL PLAIN > [c] Make SSL/TLS usage more secure by default > - > > Key: PROTON-2021 > URL: https://issues.apache.org/jira/browse/PROTON-2021 > Project: Qpid Proton > Issue Type: Improvement > Components: proton-c >Reporter: Andrew Stitcher >Assignee: Andrew Stitcher >Priority: Major > > There are some aspects of using TLS with proton-c that are awkward and by > default less secure than they could be. > A good example of this is that it is tricky to set up to verify peer names > against the system default ca certificate list. Even though this is carefully > set up under many (most?) modern OS distributions. > Another example is that for a client on the internet verifying peer names is > the only safe way to use TLS, but this is not the default. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (PROTON-2021) [c] Make SSL/TLS usage more secure by default
[ https://issues.apache.org/jira/browse/PROTON-2021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16801056#comment-16801056 ] ASF subversion and git services commented on PROTON-2021: - Commit a735a512d3064a330d6f2623e4770da9db5aae2e in qpid-proton's branch refs/heads/master from Andrew Stitcher [ https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=a735a51 ] PROTON-2021: [c] Round out the ssl certificate verification tests > [c] Make SSL/TLS usage more secure by default > - > > Key: PROTON-2021 > URL: https://issues.apache.org/jira/browse/PROTON-2021 > Project: Qpid Proton > Issue Type: Improvement > Components: proton-c >Reporter: Andrew Stitcher >Assignee: Andrew Stitcher >Priority: Major > > There are some aspects of using TLS with proton-c that are awkward and by > default less secure than they could be. > A good example of this is that it is tricky to set up to verify peer names > against the system default ca certificate list. Even though this is carefully > set up under many (most?) modern OS distributions. > Another example is that for a client on the internet verifying peer names is > the only safe way to use TLS, but this is not the default. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (PROTON-2021) [c] Make SSL/TLS usage more secure by default
[ https://issues.apache.org/jira/browse/PROTON-2021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16801021#comment-16801021 ] Andrew Stitcher commented on PROTON-2021: - Another change that changes an error case into a sensible default case is to allow pn_ssl_init() to take a NULL domain to indicate a domain set up with a defualt. In the case a client domain this default sets up peer name verification with the system default certificates. In the case of a server domain it currently sets up whatever is the default server domain - this will tend to not be very useful except for testing purposes as it won't set up any identifying certificates. > [c] Make SSL/TLS usage more secure by default > - > > Key: PROTON-2021 > URL: https://issues.apache.org/jira/browse/PROTON-2021 > Project: Qpid Proton > Issue Type: Improvement > Components: proton-c >Reporter: Andrew Stitcher >Assignee: Andrew Stitcher >Priority: Major > > There are some aspects of using TLS with proton-c that are awkward and by > default less secure than they could be. > A good example of this is that it is tricky to set up to verify peer names > against the system default ca certificate list. Even though this is carefully > set up under many (most?) modern OS distributions. > Another example is that for a client on the internet verifying peer names is > the only safe way to use TLS, but this is not the default. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (PROTON-2021) [c] Make SSL/TLS usage more secure by default
[ https://issues.apache.org/jira/browse/PROTON-2021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16801018#comment-16801018 ] Andrew Stitcher commented on PROTON-2021: - In order to maintain backward behaviour compatibility we will maintain the ANONYMOUS peer verification of a client pn_ssl_domain_t created directly with pn_ssl_domain(PN_SSL_MODE_CLIENT) for now. Even though this is secure. However We will set up the ca certificate store by default for both client and server domains to be the system default trusted ca certificate store as this changes a previous error case into a secure case: Before setting the verify mode for an ssl domain to verify the certificate or the peer name without setting a trusted ca certificate store would cause an error. Setting a store by default allows this error case to safely use the system default. > [c] Make SSL/TLS usage more secure by default > - > > Key: PROTON-2021 > URL: https://issues.apache.org/jira/browse/PROTON-2021 > Project: Qpid Proton > Issue Type: Improvement > Components: proton-c >Reporter: Andrew Stitcher >Assignee: Andrew Stitcher >Priority: Major > > There are some aspects of using TLS with proton-c that are awkward and by > default less secure than they could be. > A good example of this is that it is tricky to set up to verify peer names > against the system default ca certificate list. Even though this is carefully > set up under many (most?) modern OS distributions. > Another example is that for a client on the internet verifying peer names is > the only safe way to use TLS, but this is not the default. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
