[ https://issues.apache.org/jira/browse/CASSANDRA-14067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16262403#comment-16262403 ]
Jason Brown commented on CASSANDRA-14067: ----------------------------------------- lol - I thought we've played this game before CASSANDRA-13259 :D tbh, I'm not sure how netty deals with the SSL algorithm. We should check on that, as well. I can look next week as going offline soon. > Change default for SSL algorithm > -------------------------------- > > Key: CASSANDRA-14067 > URL: https://issues.apache.org/jira/browse/CASSANDRA-14067 > Project: Cassandra > Issue Type: Bug > Reporter: Stefan Podkowinski > Assignee: Stefan Podkowinski > Labels: security > Fix For: 4.x > > > The hardcoded default for the SSL validation algorithm should be changed from > SunX509 to PKIX, which has been [default since Java > 7|https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#SupportClasses]. > Starting with Java 9, the use of SunX509 is [actively > discouraged|https://bugs.openjdk.java.net/browse/JDK-8169745], as it > implements fewer security constraints. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org