Make the SSL protocol configurable so that protocols other than SSLProtocols.Default (which is SSL 3.0/TLS 1.0) can be used
add transport.sslProtocol="Tls" etc to configure something other than default.
Fixes [AMQNET-AMQNET-476]. (See https://issues.apache.org/jira/browse/AMQNET-AMQNET-476)
diff --git a/src/main/csharp/Transport/Tcp/SslTransport.cs b/src/main/csharp/Transport/Tcp/SslTransport.cs
index 52452b5..caa3ec7 100644
--- a/src/main/csharp/Transport/Tcp/SslTransport.cs
+++ b/src/main/csharp/Transport/Tcp/SslTransport.cs
@@ -33,6 +33,7 @@
private string brokerCertFilename;
private string keyStoreName;
private string keyStoreLocation;
+ private string sslProtocol;
private bool acceptInvalidBrokerCert = false;
private SslStream sslStream;
@@ -117,6 +118,12 @@
set { this.keyStoreLocation = value; }
}
+ public string SslProtocol
+ {
+ get { return this.sslProtocol; }
+ set { this.sslProtocol = value; }
+ }
+
protected override Stream CreateSocketStream()
{
if(this.sslStream != null)
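Review bot: The new public `SslProtocol` property has no XML documentation, and neither does its twin in SslTransportFactory.cs (the `public string SslProtocol` block in that file's second hunk); as a connection-string option its accepted values are not discoverable from the code. Suggested comment, grounded in `GetAllowedProtocol()` further down the file: `/// <summary>Name of the <see cref="SslProtocols"/> member to use for the handshake (parsed case-insensitively, e.g. "Tls"). Null or empty selects <see cref="SslProtocols.Default"/>, which per the commit message is SSL 3.0/TLS 1.0.</summary>`. Stating the fallback explicitly matters here because it is the insecure choice and is what every existing configuration keeps getting.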
@@ -138,8 +145,8 @@
try
{
string remoteCertName = this.serverName ?? this.RemoteAddress.Host;
- Tracer.Debug("Authorizing as Client for Server: " + remoteCertName);
- sslStream.AuthenticateAsClient(remoteCertName, LoadClientCertificates(), SslProtocols.Default, false);
+ Tracer.DebugFormat("Authorizing as Client for Server: {0}", remoteCertName);
+ sslStream.AuthenticateAsClient(remoteCertName, LoadClientCertificates(), GetAllowedProtocol(), false);
Tracer.Debug("Server is Authenticated = " + sslStream.IsAuthenticated);
Tracer.Debug("Server is Encrypted = " + sslStream.IsEncrypted);
}
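Review bot: Only the first trace line was converted to `Tracer.DebugFormat`; the two lines that follow (`"Server is Authenticated = " + ...`, `"Server is Encrypted = " + ...`) still concatenate, so the block now mixes both styles for no reason — either convert them as well, `Tracer.DebugFormat("Server is Authenticated = {0}", sslStream.IsAuthenticated);`, or leave the first call as it was. Since the handshake now depends on a user-supplied option, logging the protocol actually requested would make misconfiguration diagnosable: `SslProtocols allowed = GetAllowedProtocol(); Tracer.DebugFormat("Authorizing as Client for Server: {0} with protocols: {1}", remoteCertName, allowed);` and pass `allowed` to `AuthenticateAsClient`. The `false` for certificate revocation checking predates this commit and is unchanged. The enclosing method and its `catch` lie outside the hunk, so where a parse failure from `GetAllowedProtocol()` ends up is not visible here.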
@@ -313,5 +320,15 @@
return collection;
}
+
+ private SslProtocols GetAllowedProtocol()
+ {
+ if (!String.IsNullOrEmpty(SslProtocol))
+ {
+ return (SslProtocols)Enum.Parse(typeof(SslProtocols), SslProtocol, true);
+ }
+
+ return SslProtocols.Default;
+ }
}
}
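Review bot: `Enum.Parse` in `GetAllowedProtocol()` throws a bare `ArgumentException` whose message does not mention the `sslProtocol` transport option, so a typo in the connection string surfaces as an unexplained handshake failure; because `SslProtocols` is a flags enum, `Enum.Parse` also accepts comma-separated lists and plain integers, so a value such as `"0"` silently yields `SslProtocols.None` rather than an error. Wrap the parse so the failure names the option and the expected form, and consider rejecting numeric input if only symbolic names are intended. The whitespace-tolerant check (`IsNullOrEmpty` does not trim) is a minor point in the same spot.
```csharp
private SslProtocols GetAllowedProtocol()
{
    if (String.IsNullOrEmpty(this.SslProtocol))
    {
        // Preserve the pre-existing behaviour when the option is not set.
        return SslProtocols.Default;
    }

    try
    {
        return (SslProtocols)Enum.Parse(typeof(SslProtocols), this.SslProtocol, true);
    }
    catch (ArgumentException e)
    {
        throw new ArgumentException(
            "Invalid transport.sslProtocol value '" + this.SslProtocol +
            "'; expected a System.Security.Authentication.SslProtocols member name such as Tls.", e);
    }
}
```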
diff --git a/src/main/csharp/Transport/Tcp/SslTransportFactory.cs b/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
index 73a9d07..080aac3 100644
--- a/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
+++ b/src/main/csharp/Transport/Tcp/SslTransportFactory.cs
@@ -31,6 +31,7 @@
private string brokerCertFilename;
private string keyStoreName;
private string keyStoreLocation;
+ private string sslProtocol;
private bool acceptInvalidBrokerCert = false;
public SslTransportFactory() : base()
@@ -85,6 +86,12 @@
set { this.keyStoreLocation = value; }
}
+ public string SslProtocol
+ {
+ get { return this.sslProtocol; }
+ set { this.sslProtocol = value; }
+ }
+
protected override ITransport DoCreateTransport(Uri location, Socket socket, IWireFormat wireFormat )
{
Tracer.Debug("Creating new instance of the SSL Transport.");
@@ -98,6 +105,7 @@
transport.KeyStoreLocation = this.keyStoreLocation;
transport.KeyStoreName = this.keyStoreName;
transport.AcceptInvalidBrokerCert = this.acceptInvalidBrokerCert;
+ transport.SslProtocol = this.sslProtocol;
return transport;
}