[
https://issues.apache.org/jira/browse/CASSANDRA-11164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15159131#comment-15159131
]
Stefan Podkowinski commented on CASSANDRA-11164:
------------------------------------------------
Scope of this ticket as reported would be:
- respect ordering of enabled ciphers
- apply cipher filtering wherever SSL is used
I've now created two patches for that:
- {{11164-2.2_1_preserve_cipher_order.patch}} - cherry picked
{{filterCipherSuites}} implementation and unit test from CASSANDRA-10508 with
some of your suggested changes
- {{11164-2.2_2_call_filterCipherSuites_everywhere.patch}} - this is
{{11164-2.2.txt}} from Tom minus the {{filterCipherSuites}} implementation
||2.2||
|[Branch|https://github.com/spodkowinski/cassandra/commits/CASSANDRA-11164]|
|[testall|http://cassci.datastax.com/view/Dev/view/spodkowinski/job/spodkowinski-CASSANDRA-11164-testall/]|
|[dtest|http://cassci.datastax.com/view/Dev/view/spodkowinski/job/spodkowinski-CASSANDRA-11164-dtest/]|
> Order and filter cipher suites correctly
> ----------------------------------------
>
> Key: CASSANDRA-11164
> URL: https://issues.apache.org/jira/browse/CASSANDRA-11164
> Project: Cassandra
> Issue Type: Bug
> Reporter: Tom Petracca
> Assignee: Stefan Podkowinski
> Priority: Minor
> Fix For: 2.2.x
>
> Attachments: 11164-2.2.txt, 11164-on-10508-2.2.patch
>
>
> As pointed out in https://issues.apache.org/jira/browse/CASSANDRA-10508,
> SSLFactory.filterCipherSuites() doesn't respect the ordering of desired
> ciphers in cassandra.yaml.
> Also the fix that occurred for
> https://issues.apache.org/jira/browse/CASSANDRA-3278 is incomplete and needs
> to be applied to all locations where we create an SSLSocket so that JCE is
> not required out of the box or with additional configuration.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
