[jira] [Comment Edited] (CASSANDRA-18624) Make Corretto Crypto Provider the Default

[Stefan Miklosovic (Jira)]

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-18624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17747118#comment-17747118
 ] 

Stefan Miklosovic edited comment on CASSANDRA-18624 at 7/25/23 7:58 PM:
------------------------------------------------------------------------

I asked Corretto guys directly and the answer is quite interesting. As I read 
it, Corretto is trully a subset but on the other hand they are not supporting 
protocols which are considered weak. So we are actually making Cassandra more 
secure if we drop the support of the algorithms which are weak and haven't 
manage to make it to Corretto.

https://github.com/corretto/amazon-corretto-crypto-provider/issues/315

[~mck] [~jwest] thoughts? 

My opinion is that I would ship it but I would not make it the default. We 
would default to JREProvider. We might deprecate the usage of in-JRE crypto 
provider and we would make it default in 6.0 but that is really just an idea. I 
am completely fine with shipping it and not making it default and not deprecate 
anything for ever.


was (Author: smiklosovic):
I asked Corretto guys directly and the answer is quite interesting. As I read 
it, Corretto is trully a subset but on the other hand they are not supporting 
protocols which are considered weak. So we are actually making Cassandra more 
secure if we drop the support of the algorithms which are weak and haven't 
manage to make it to Corretto.

https://github.com/corretto/amazon-corretto-crypto-provider/issues/315

[~mck] [~jwest] thoughts? 

My opinion is that I would ship it but I would not make it the default. We 
would default to JREProvider.

> Make Corretto Crypto Provider the Default
> -----------------------------------------
>
>                 Key: CASSANDRA-18624
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18624
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Dependencies
>            Reporter: Jordan West
>            Assignee: Ayushi Singh
>            Priority: Normal
>             Fix For: 5.x
>
>         Attachments: image.png
>
>          Time Spent: 28h
>  Remaining Estimate: 0h
>
> [Amazon Corretto Crypto Provider| 
> https://github.com/corretto/amazon-corretto-crypto-provider] is an 
> alternative provider of TLS and cryptographic functions that has significant 
> performance benefits for Cassandra. It is Apache 2.0 licensed and has been 
> deployed in several existing large fleets. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org