search

zeroc-ice / ice

All-in-one solution for creating networked applications with RPC, pub/sub, server deployment, and more.
https://zeroc.com
GNU General Public License v2.0
2k stars 592 forks source link

Review IceSSL protocol defaults #332

Open externl opened 5 years ago

externl commented 5 years ago

We should review our IceSSL protocol defaults. We bake in (as of 3.7.1) defaults instead of using platform defaults. In the past this was because SSLv3 as still enabled by default on many platforms.

If we move back to using system defaults it would maybe resolve future issues with new protocols such as https://github.com/zeroc-ice/ice/issues/330.

If we keep using our own defaults we should remove TLSv1.0, as it's no longer recommended for use.

pepone commented 5 years ago

For C# using SsslProtocols.None will allow IceSSL negotiate the connection using system defaults