[jira] [Commented] (CASSANDRA-11164) Order and filter cipher suites correctly

Tue, 23 Feb 2016 17:32:37 -0800 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-11164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15160023#comment-15160023
 ] 

Stefania commented on CASSANDRA-11164:
--------------------------------------

I understood that the ordering would be dealt with by CASSANDRA-10508 but if we 
want to fix it here then that's probably better since this can then go into 2.2 
and CASSANDRA-10508 be limited to 3.x only. 

{{testServerSocketCiphers}} is failing locally on my machine because the 256 
cipher_suites are not returned by {{socket.getEnabledCipherSuites()}}, so I 
think we should remove it from this patch? Incidentally it also doesn't need 
{{UnknownHostException}} in the throws declaration since {{IOException}} is 
more generic.

{{TestTupleType}} has failed on jenkins but it is passing locally and the 
failure doesn't seem related. 

Let's rebase, squash the two commits and repeat the cassci tests on *2.2, 3.0* 
and *trunk*. If that's clear then we are good to go. If {{TestTupleType}} is 
still failing then my best guess is that for some reason we've uncovered an 
existing problem in {{CQLTester}} and we'll deal with it.

We'll also need to add a line to CHANGES.txt.  

> Order and filter cipher suites correctly
> ----------------------------------------
>
>                 Key: CASSANDRA-11164
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11164
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Tom Petracca
>            Assignee: Stefan Podkowinski
>            Priority: Minor
>             Fix For: 2.2.x
>
>         Attachments: 11164-2.2.txt, 11164-2.2_1_preserve_cipher_order.patch, 
> 11164-2.2_2_call_filterCipherSuites_everywhere.patch
>
>
> As pointed out in https://issues.apache.org/jira/browse/CASSANDRA-10508, 
> SSLFactory.filterCipherSuites() doesn't respect the ordering of desired 
> ciphers in cassandra.yaml.
> Also the fix that occurred for 
> https://issues.apache.org/jira/browse/CASSANDRA-3278 is incomplete and needs 
> to be applied to all locations where we create an SSLSocket so that JCE is 
> not required out of the box or with additional configuration.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to