The default SSL protocol version in SslSettings is set to SslProtocols.Tls which is insecure and deprecated.
Looking at the documentation for SslProtocols, SslProtocols.Tls is obsolete starting in .NET 7.
It seems to me like SslProtocols.None which Allows the operating system to choose the best protocol to use, and to block protocols that are not secure. Unless your app has a specific reason not to, you should use this field. is the best option here.
Looking at the SSL documentation for the .NET RabbitMq.Client under TLS Support, it is also noted that:
RabbitMQ .NET client 5.x series uses TLSv1.0 by default.
If a connection that uses SslProtocols.None to pick a suitable TLS version fails, the client will retry with TLSv1.2 enabled explicitly. This reduces the need for explicit configuration on the application developer's end in environments where automatic TLS version selection is disabled, not available or otherwise cannot be relied on.
And I can see that this package is using RabbitMq.Client version 6.5.0, which again points to SslProtocols.None as the best option.
This would also solve the issue #80 of connections to RabbitMQ in AWS not working by default, unless explicitly specifying SslProtocols.Tls12, as AWS defaults to TLSv1.2.
The default SSL protocol
version
inSslSettings
is set toSslProtocols.Tls
which is insecure and deprecated. Looking at the documentation for SslProtocols,SslProtocols.Tls
is obsolete starting in .NET 7.It seems to me like
SslProtocols.None
which Allows the operating system to choose the best protocol to use, and to block protocols that are not secure. Unless your app has a specific reason not to, you should use this field. is the best option here.Looking at the SSL documentation for the .NET
RabbitMq.Client
under TLS Support, it is also noted that:And I can see that this package is using
RabbitMq.Client
version 6.5.0, which again points toSslProtocols.None
as the best option.This would also solve the issue #80 of connections to RabbitMQ in AWS not working by default, unless explicitly specifying
SslProtocols.Tls12
, as AWS defaults to TLSv1.2.