[
https://issues.apache.org/jira/browse/CASSANDRA-11164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15158177#comment-15158177
]
Stefania commented on CASSANDRA-11164:
--------------------------------------
[[email protected]] can you confirm that the only patch to review is the one
you've attached, _11164-on-10508-2.2.patch_? If so what is the correct patch
for CASSANDRA-10508? I tried both the text file attached or the github
[link|https://github.com/spodkowinski/cassandra/tree/WIP-10508-2.2] and I got
compilation errors ({{filterCipherSuites(String[],String[]) is not public in
SSLFactory;}}).
I know it's part of the patch of CASSANDRA-10508 but I couldn't help noticing
that {{filterCipherSuites}} could be much simpler and avoid redundancy and
copies. Something like this:
{code}
public static String[] filterCipherSuites(String[] supported, String[]
desired)
{
if (Arrays.equals(supported, desired))
return desired;
String[] ret =
Iterables.toArray(Iterables.filter(Arrays.asList(desired),
Predicates.in(Sets.newHashSet(supported))),
String.class);
if (logger.isWarnEnabled() && desired.length > ret.length)
{
Iterable<String> missing = Iterables.filter(Arrays.asList(desired),
Predicates.not(Predicates.in(Sets.newHashSet(ret))));
logger.warn("Filtering out {} as it isn't supported by the socket",
Iterables.toString(missing));
}
return ret;
}
{code}
I haven't tested it but I believe it should keep the order and avoid
unnecessary copies other than for creating sets, which is debatable - here too
we could just use an {{ArrayList}} in the predicate if we have less than 20
items or so.
As for this specific patch, it looks good except for a trailing space in
{{CustomTThreadPoolServer.java}}.
Once we clarify the correct patches to apply I will organize a cassci run.
We should also update the title of this ticket to reflect its new scope.
> Order and filter cipher suites correctly
> ----------------------------------------
>
> Key: CASSANDRA-11164
> URL: https://issues.apache.org/jira/browse/CASSANDRA-11164
> Project: Cassandra
> Issue Type: Bug
> Reporter: Tom Petracca
> Assignee: Stefan Podkowinski
> Priority: Minor
> Fix For: 2.2.x
>
> Attachments: 11164-2.2.txt, 11164-on-10508-2.2.patch
>
>
> As pointed out in https://issues.apache.org/jira/browse/CASSANDRA-10508,
> SSLFactory.filterCipherSuites() doesn't respect the ordering of desired
> ciphers in cassandra.yaml.
> Also the fix that occurred for
> https://issues.apache.org/jira/browse/CASSANDRA-3278 is incomplete and needs
> to be applied to all locations where we create an SSLSocket so that JCE is
> not required out of the box or with additional configuration.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
