[
https://issues.apache.org/jira/browse/CASSANDRA-13259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15901296#comment-15901296
]
Stefan Podkowinski commented on CASSANDRA-13259:
------------------------------------------------
Does anyone mind if I get rid of store_type, too? The new default for Java 9
will be PKCS12 instead of JKS (http://openjdk.java.net/jeps/229). Also it's
actually not a good idea in general to have a single store type and algorithm
for both keystore and truststore, as I may want to use a public, global JKS
store or the JVM cacerts as truststore and generate host-specific keystores as
PKCS12, e.g. via openssl. This is currently not possible by configuring a
single store type for both.
In general, advanced JSSE settings should be configured using either system
properties (jvm.options) or security properties
(jre/lib/security/java.security), see
[here|http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#InstallationAndCustomization]
for possible values. We should encourage this practice and be agnostic about
the finer configuration details. I'd therefore like to remove the advanced
settings at least from stock cassandra.yaml.
See my [WIP branch|https://github.com/spodkowinski/cassandra/tree/WIP-13259]
for implementation details.
> Use platform specific X.509 default algorithm
> ---------------------------------------------
>
> Key: CASSANDRA-13259
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13259
> Project: Cassandra
> Issue Type: Improvement
> Components: Configuration
> Reporter: Stefan Podkowinski
> Assignee: Stefan Podkowinski
> Priority: Minor
> Fix For: 4.x
>
>
> We should replace the hardcoded "SunX509" default algorithm and use the JRE
> default instead. This implementation will currently not work on less popular
> platforms (e.g. IBM) and won't get any further updates.
> See also:
> https://bugs.openjdk.java.net/browse/JDK-8169745
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
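
The setup discussed in the comment above, as an added example that is not part of the original message or of the Cassandra code base: a PKCS12 keystore and a JKS (or JVM cacerts) truststore are loaded with separate store types, and the factory algorithms come from the JRE defaults rather than a hardcoded "SunX509". The class name, method names, command-line arguments and the password are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; hypothetical names, not Cassandra's implementation.
public class PerStoreTypeExample {

    // Load a store of an explicit type; a null path yields an empty in-memory store.
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        if (path == null) {
            store.load(null, password);
            return store;
        }
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    static SSLContext build(KeyStore keystore, char[] keyPassword, KeyStore truststore) throws Exception {
        // Platform defaults, taken from the ssl.KeyManagerFactory.algorithm and
        // ssl.TrustManagerFactory.algorithm security properties (java.security).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keystore, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null truststore makes JSSE fall back to the JVM default trust store (cacerts).
        tmf.init(truststore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample value
        // args[0]: optional path to a host-specific PKCS12 keystore (empty store if absent)
        KeyStore keystore = load("PKCS12", args.length > 0 ? args[0] : null, password);
        // args[1]: optional path to a shared JKS truststore; without it, use JVM cacerts
        KeyStore truststore = args.length > 1 ? load("JKS", args[1], password) : null;
        SSLContext ctx = build(keystore, password, truststore);
        System.out.println("KeyManagerFactory default:   " + KeyManagerFactory.getDefaultAlgorithm());
        System.out.println("TrustManagerFactory default: " + TrustManagerFactory.getDefaultAlgorithm());
        System.out.println("Default keystore type: " + KeyStore.getDefaultType() + ", context: " + ctx.getProtocol());
    }
}
```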