Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WFSSL-10] NPE with wildfly-openssl using OpenSSL 1.1.1 #57

Merged
merged 1 commit into from Apr 10, 2019
Merged

[WFSSL-10] NPE with wildfly-openssl using OpenSSL 1.1.1 #57

merged 1 commit into from Apr 10, 2019

Conversation

iweiss
Copy link
Contributor

@iweiss iweiss commented Mar 14, 2019

jstourac
jstourac reviewed Mar 14, 2019
View reviewed changes
libwfssl/src/ssl.c
@@ -573,6 +573,17 @@ WF_OPENSSL(jlong, makeSSLContext)(JNIEnv *e, jobject o, jint protocol, jint mode
if (!(protocol & SSL_PROTOCOL_TLSV1_2))
ssl_methods.SSL_CTX_ctrl((c->ctx),SSL_CTRL_OPTIONS,(SSL_OP_NO_TLSv1_2),NULL);
}

/* We need to disable TLSv1.3 if running on OpenSSL 1.1.0+ */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the exact reason to disable TLSv1.3 completely here?

Copy link
Contributor Author

@iweiss iweiss Mar 14, 2019
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TLSv1.3 is not supported at the moment. It brings too many changes that might require some rewriting to implement.

Take a look at https://wiki.openssl.org/index.php/TLS1.3 for more details.

@fl4via, would it be safe to say that wildfly-openssl 1.0.x will be TLSv1.2 only and 1.1.x will support TLSv1.3?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iweiss probably, or maybe even 2.x, I'll have to define an implementation plan for this

fl4via
fl4via approved these changes Apr 10, 2019
View reviewed changes
libwfssl/src/ssl.c
@@ -573,6 +573,17 @@ WF_OPENSSL(jlong, makeSSLContext)(JNIEnv *e, jobject o, jint protocol, jint mode
if (!(protocol & SSL_PROTOCOL_TLSV1_2))
ssl_methods.SSL_CTX_ctrl((c->ctx),SSL_CTRL_OPTIONS,(SSL_OP_NO_TLSv1_2),NULL);
}

/* We need to disable TLSv1.3 if running on OpenSSL 1.1.0+ */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iweiss probably, or maybe even 2.x, I'll have to define an implementation plan for this

@stuartwdouglas stuartwdouglas merged commit 0f075a1 into wildfly-security:master Apr 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jstourac jstourac jstourac left review comments

@fl4via fl4via fl4via approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@iweiss @fl4via @jstourac @stuartwdouglas