[ https://issues.apache.org/jira/browse/CASSANDRA-18624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17747118#comment-17747118 ]
Stefan Miklosovic edited comment on CASSANDRA-18624 at 7/25/23 7:58 PM: ------------------------------------------------------------------------ I asked Corretto guys directly and the answer is quite interesting. As I read it, Corretto is trully a subset but on the other hand they are not supporting protocols which are considered weak. So we are actually making Cassandra more secure if we drop the support of the algorithms which are weak and haven't manage to make it to Corretto. https://github.com/corretto/amazon-corretto-crypto-provider/issues/315 [~mck] [~jwest] thoughts? My opinion is that I would ship it but I would not make it the default. We would default to JREProvider. We might deprecate the usage of in-JRE crypto provider and we would make it default in 6.0 but that is really just an idea. I am completely fine with shipping it and not making it default and not deprecate anything for ever. was (Author: smiklosovic): I asked Corretto guys directly and the answer is quite interesting. As I read it, Corretto is trully a subset but on the other hand they are not supporting protocols which are considered weak. So we are actually making Cassandra more secure if we drop the support of the algorithms which are weak and haven't manage to make it to Corretto. https://github.com/corretto/amazon-corretto-crypto-provider/issues/315 [~mck] [~jwest] thoughts? My opinion is that I would ship it but I would not make it the default. We would default to JREProvider. > Make Corretto Crypto Provider the Default > ----------------------------------------- > > Key: CASSANDRA-18624 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18624 > Project: Cassandra > Issue Type: Improvement > Components: Dependencies > Reporter: Jordan West > Assignee: Ayushi Singh > Priority: Normal > Fix For: 5.x > > Attachments: image.png > > Time Spent: 28h > Remaining Estimate: 0h > > [Amazon Corretto Crypto Provider| > https://github.com/corretto/amazon-corretto-crypto-provider] is an > alternative provider of TLS and cryptographic functions that has significant > performance benefits for Cassandra. It is Apache 2.0 licensed and has been > deployed in several existing large fleets. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org