[NuGet Gallery] Message for owners of the package 'Apache.NMS.ActiveMQ'

Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[NuGet Gallery] Message for owners of the package 'Apache.NMS.ActiveMQ'

NuGet Gallery
User zech <[hidden email]> sends the following message to the owners of Package 'Apache.NMS.ActiveMQ 1.7.2 (https://www.nuget.org/packages/Apache.NMS.ActiveMQ/1.7.2)'.

Hello,
I have found a problem using this library with TLS1.2 to connect to ActiveMQ (our server only supports TLS 1.2).
The current library implementation only supports  Tls or Ssl3 because of  (see file SslTransport.cs)

       private SslProtocols GetAllowedProtocol()
        {
            if (!String.IsNullOrEmpty(SslProtocol))
            {
                return (SslProtocols)Enum.Parse(typeof(SslProtocols), SslProtocol, true);
            }
   
            return SslProtocols.Default;
        }

Return should be SslProtocols.None ! (see remark in decompiled System.Security.Authentication.SslProtocols)

/ Decompiled with JetBrains decompiler
// Type: System.Security.Authentication.SslProtocols
// Assembly: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: 862B9365-843C-4BF1-BA93-210C124BB523
// Assembly location: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll

namespace System.Security.Authentication
{
/// <summary>Defines the possible versions of <see cref="T:System.Security.Authentication.SslProtocols" />.</summary>
[Flags]
[__DynamicallyInvokable]
public enum SslProtocols
{
/// <summary>Allows the operating system to choose the best protocol to use, and to block protocols that are not secure. Unless your app has a specific reason not to, you should use this field.</summary>
[__DynamicallyInvokable] None = 0,
/// <summary>Specifies the SSL 2.0 protocol. SSL 2.0 has been superseded by the TLS protocol and is provided for backward compatibility only.</summary>
[__DynamicallyInvokable] Ssl2 = 12, // 0x0000000C
/// <summary>Specifies the SSL 3.0 protocol. SSL 3.0 has been superseded by the TLS protocol and is provided for backward compatibility only.</summary>
[__DynamicallyInvokable] Ssl3 = 48, // 0x00000030
/// <summary>Specifies the TLS 1.0 security protocol. The TLS protocol is defined in IETF RFC 2246.</summary>
[__DynamicallyInvokable] Tls = 192, // 0x000000C0
/// <summary>Specifies the TLS 1.1 security protocol. The TLS protocol is defined in IETF RFC 4346.</summary>
[__DynamicallyInvokable] Tls11 = 768, // 0x00000300
/// <summary>Specifies the TLS 1.2 security protocol. The TLS protocol is defined in IETF RFC 5246.</summary>
[__DynamicallyInvokable] Tls12 = 3072, // 0x00000C00
/// <summary>Specifies the TLS 1.3 security protocol. The TLS protocol is defined in IETF RFC 8446.</summary>
Tls13 = 12288, // 0x00003000
/// <summary>Use None instead of Default. Default permits only the Secure Sockets Layer (SSL) 3.0 or Transport Layer Security (TLS) 1.0 protocols to be negotiated, and those options are now considered obsolete. Consequently, Default is not allowed in many organizations. Despite the name of this field, <see cref="T:System.Net.Security.SslStream" /> does not use it as a default except under special circumstances.</summary>
Default = Tls | Ssl3, // 0x000000F0
}

Best regards
Hansjoerg

-----------------------------------------------
    To stop receiving contact emails as an owner of this package, sign in to the NuGet Gallery and
    change your email notification settings (https://www.nuget.org/account).

Privacy Statement (https://go.microsoft.com/fwlink/?LinkId=521839)
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA