GEODE-620 Geode SSL configuration is out of date In reviewing uses of SSL I found that SocketCreator did not have support for TLSv1.2 and that one of the test classes had a reference to an RC4-based cipher suite.
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/442718f4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/442718f4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/442718f4 Branch: refs/heads/feature/GEODE-1050 Commit: 442718f45f49add3c4b1e4d47049174f038663b3 Parents: d8f28d2 Author: Bruce Schuchardt <[email protected]> Authored: Wed Mar 16 15:57:55 2016 -0700 Committer: Bruce Schuchardt <[email protected]> Committed: Wed Mar 16 16:01:17 2016 -0700 ---------------------------------------------------------------------- .../src/main/java/com/gemstone/gemfire/internal/SocketCreator.java | 2 +- geode-core/src/test/java/security/SSLCredentialGenerator.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/442718f4/geode-core/src/main/java/com/gemstone/gemfire/internal/SocketCreator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/SocketCreator.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/SocketCreator.java index 5bfa7bd..458f41a 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/SocketCreator.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/SocketCreator.java @@ -571,7 +571,7 @@ public class SocketCreator { return c; } // lookup known algorithms - String[] knownAlgorithms = {"SSL", "SSLv2", "SSLv3", "TLS", "TLSv1", "TLSv1.1"}; + String[] knownAlgorithms = {"SSL", "SSLv2", "SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2"}; for (String algo : knownAlgorithms) { try { c = SSLContext.getInstance(algo); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/442718f4/geode-core/src/test/java/security/SSLCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/SSLCredentialGenerator.java b/geode-core/src/test/java/security/SSLCredentialGenerator.java index e547630..d05e963 100755 --- a/geode-core/src/test/java/security/SSLCredentialGenerator.java +++ b/geode-core/src/test/java/security/SSLCredentialGenerator.java @@ -76,7 +76,7 @@ public class SSLCredentialGenerator extends CredentialGenerator { Properties props = new Properties(); props.setProperty("ssl-enabled", "true"); props.setProperty("ssl-require-authentication", "true"); - props.setProperty("ssl-ciphers", "SSL_RSA_WITH_RC4_128_MD5"); + props.setProperty("ssl-ciphers", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"); props.setProperty("ssl-protocols", "TLSv1"); return props; }
