lhotari commented on pull request #8581:
URL: https://github.com/apache/pulsar/pull/8581#issuecomment-728679620


   > What is the value returns before?
   
   @sijie 
   For Java 8u272, `Arrays.asList(sslEngine.getSupportedProtocols()).toString()` returns `[TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2Hello]`.
   For Java 8u232, it's `[SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]`.
   
   [The `protocols` field in `KeyStoreSSLContext` was unused before](https://github.com/apache/pulsar/blob/5bbd44784a9e4bc58ee5025025d748b52b21825a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java#L79) and it's an old bug that the field was never used to configure the enabled TLS protocols for the SSLEngine.
   
   TLS `protocols` are properly passed in `NettyServerSslContextBuilder` class, so this has been a bug in the code that uses `KeyStoreSSLContext`.
   
   btw. The `KeyStoreSSLContext` class is also used for the web server. In those cases, [the protocols aren't configured and there's also a comment about it in the code](https://github.com/apache/pulsar/blob/5bbd44784a9e4bc58ee5025025d748b52b21825a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java#L247).
   
   
   
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]
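
The difference between supported and enabled protocols discussed in the comment above, as an added example that is not part of the original comment and is not Pulsar's code. The class name `EnabledProtocolsCheck`, the helper `applyProtocols` and the sample allowlist are assumptions made for illustration; only standard JSSE calls are used.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

public class EnabledProtocolsCheck {

    // Hypothetical helper: restrict an engine to the configured protocols.
    // The supported list differs between JDK builds (see the two outputs
    // quoted in the comment), so intersect with it before applying.
    static void applyProtocols(SSLEngine engine, Set<String> configured) {
        if (configured == null || configured.isEmpty()) {
            return; // nothing configured: the JDK defaults stay in effect
        }
        Set<String> usable = new LinkedHashSet<>(configured);
        usable.retainAll(Arrays.asList(engine.getSupportedProtocols()));
        if (usable.isEmpty()) {
            throw new IllegalArgumentException("None of " + configured
                    + " is supported by this JDK: "
                    + Arrays.toString(engine.getSupportedProtocols()));
        }
        engine.setEnabledProtocols(usable.toArray(new String[0]));
    }

    public static void main(String[] args) throws Exception {
        SSLContext context = SSLContext.getDefault();
        // Constructed sample allowlist, standing in for a `protocols` setting.
        Set<String> configured =
                new LinkedHashSet<>(Arrays.asList("TLSv1.3", "TLSv1.2"));

        // An engine whose configured protocols were never applied.
        SSLEngine unconfigured = context.createSSLEngine();
        System.out.println("supported:         "
                + Arrays.toString(unconfigured.getSupportedProtocols()));
        System.out.println("enabled (default): "
                + Arrays.toString(unconfigured.getEnabledProtocols()));

        // The same context with the allowlist applied to the engine.
        SSLEngine restricted = context.createSSLEngine();
        applyProtocols(restricted, configured);
        String[] enabled = restricted.getEnabledProtocols();
        System.out.println("enabled (applied): " + Arrays.toString(enabled));

        // Check that nothing outside the allowlist is left enabled.
        if (!configured.containsAll(Arrays.asList(enabled))) {
            throw new IllegalStateException("Unexpected protocol enabled");
        }
    }
}
```

On a JDK without TLSv1.3 support the intersection leaves only `TLSv1.2` enabled, and the "enabled (default)" line shows what an engine negotiates from when the configured set is never applied.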

