streadway / amqp

Go client for AMQP 0.9.1
http://godoc.org/github.com/streadway/amqp
BSD 2-Clause "Simplified" License

DialTLS with tls minVersion but the protocol still is TLSv1.0 #462

Open lyszhang opened 4 years ago

lyszhang commented 4 years ago

Go 1.12 and Go 1.11 are both the same.

```go
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)

tlsConfig := &tls.Config{
    Certificates: []tls.Certificate{cert}, // from tls.LoadX509KeyPair
    RootCAs:      caCertPool,
    MinVersion:   tls.VersionTLS11,
    MaxVersion:   tls.VersionTLS12,
    // ...other options are just the same as yours
}

conn, err := amqp.DialTLS(connStr, tlsConfig)
if err != nil {
    log.Fatal("DialTls", err.Error())
    return nil, err
}
```


michaelklishin commented 4 years ago

You are welcome to investigate why the settings might not get applied and submit a PR. It's worth mentioning that TLS version negotiation involves two peers and we have no information about what Erlang version is used and what TLS versions are enabled in the configuration.
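
An added example, not code from this thread or from streadway/amqp: one way to check which version two Go `crypto/tls` peers actually agree on is to read `ConnectionState().Version` after the handshake, here over an in-memory pipe. The `negotiate` helper, the `localhost` certificate and the version ranges are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// negotiate handshakes a server limited to [srvMin, srvMax] with a client limited to
// [cliMin, cliMax] and returns the version the client negotiated, or its handshake error.
func negotiate(srvMin, srvMax, cliMin, cliMax uint16) (uint16, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, err
	}
	// Throwaway self-signed certificate for "localhost" (constructed test data).
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return 0, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return 0, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	c, s := net.Pipe() // in-memory transport, no network needed
	defer func() { c.Close(); s.Close() }()
	srv := tls.Server(s, &tls.Config{MinVersion: srvMin, MaxVersion: srvMax,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	go srv.Handshake() // the server's result mirrors what the client sees
	cli := tls.Client(c, &tls.Config{RootCAs: pool, ServerName: "localhost", MinVersion: cliMin, MaxVersion: cliMax})
	if err := cli.Handshake(); err != nil {
		return 0, err
	}
	return cli.ConnectionState().Version, nil
}

func main() {
	fmt.Println(negotiate(tls.VersionTLS10, tls.VersionTLS10, tls.VersionTLS11, tls.VersionTLS12))
}
```

With the client range from the issue (TLS 1.1 to 1.2), a peer that only offers TLS 1.0 produces a handshake error instead of a TLS 1.0 session.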