commit 5fd4dfa45987cda45edcd83a4d92874c3c434ad1
author Timothy A. Bish <tabish@apache.org> Fri Dec 12 19:08:21 2014 +0000
committer Timothy A. Bish <tabish@apache.org> Fri Dec 12 19:08:21 2014 +0000
tree b7c0b121fb199c6f1aba292d645f90ed488f900b
parent 5b391fefb0eb4bac176adedbec3a7b657cdcb5f2

Make SSL-Protocol configurable to use others than SSLProtocols.Default (which is SSL 3.0/TLS 1.0)

add transport.sslProtocol="Tls" etc to configure something other than default.
Fixes [AMQNET-AMQNET-476]. (See https://issues.apache.org/jira/browse/AMQNET-AMQNET-476)

src/main/csharp/Transport/Tcp/SslTransport.cs

diff --git a/src/main/csharp/Transport/Tcp/SslTransport.cs b/src/main/csharp/Transport/Tcp/SslTransport.cs
index 52452b5..caa3ec7 100644
--- a/src/main/csharp/Transport/Tcp/SslTransport.cs
+++ b/src/main/csharp/Transport/Tcp/SslTransport.cs
@@ -33,6 +33,7 @@
         private string brokerCertFilename;
         private string keyStoreName;
         private string keyStoreLocation;
+        private string sslProtocol;
         private bool acceptInvalidBrokerCert = false;
 
         private SslStream sslStream;
@@ -117,6 +118,12 @@
             set { this.keyStoreLocation = value; }
         }
 
+        public string SslProtocol
+        {
+            get { return this.sslProtocol; }
+            set { this.sslProtocol = value; }
+        }
+
         protected override Stream CreateSocketStream()
         {
             if(this.sslStream != null)
@@ -138,8 +145,8 @@
             try
             {
                 string remoteCertName = this.serverName ?? this.RemoteAddress.Host;
-                Tracer.Debug("Authorizing as Client for Server: " + remoteCertName);
-                sslStream.AuthenticateAsClient(remoteCertName, LoadClientCertificates(), SslProtocols.Default, false);
+                Tracer.DebugFormat("Authorizing as Client for Server: {0}", remoteCertName);
+                sslStream.AuthenticateAsClient(remoteCertName, LoadClientCertificates(), GetAllowedProtocol(), false);
                 Tracer.Debug("Server is Authenticated = " + sslStream.IsAuthenticated);
                 Tracer.Debug("Server is Encrypted = " + sslStream.IsEncrypted);
             }
@@ -313,5 +320,15 @@
 
             return collection;
         }
+
+        private SslProtocols GetAllowedProtocol() 
+        {
+            if (!String.IsNullOrEmpty(SslProtocol))
+            {
+                return (SslProtocols)Enum.Parse(typeof(SslProtocols), SslProtocol, true);
+            }
+
+            return SslProtocols.Default;
+        }
     }
 }

src/main/csharp/Transport/Tcp/SslTransportFactory.cs

diff --git a/src/main/csharp/Transport/Tcp/SslTransportFactory.cs b/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
index 73a9d07..080aac3 100644
--- a/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
+++ b/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
@@ -31,6 +31,7 @@
         private string brokerCertFilename;
         private string keyStoreName;
         private string keyStoreLocation;
+        private string sslProtocol;
         private bool acceptInvalidBrokerCert = false;
         
         public SslTransportFactory() : base()
@@ -85,6 +86,12 @@
             set { this.keyStoreLocation = value; }
         }
 
+        public string SslProtocol
+        {
+            get { return this.sslProtocol; }
+            set { this.sslProtocol = value; }
+        }
+
 		protected override ITransport DoCreateTransport(Uri location, Socket socket, IWireFormat wireFormat )
 		{
             Tracer.Debug("Creating new instance of the SSL Transport.");
@@ -98,6 +105,7 @@
             transport.KeyStoreLocation = this.keyStoreLocation;
             transport.KeyStoreName = this.keyStoreName;
             transport.AcceptInvalidBrokerCert = this.acceptInvalidBrokerCert;
+            transport.SslProtocol = this.sslProtocol;
             
             return transport;
 		}