[ 
https://issues.apache.org/jira/browse/DERBY-2108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467643
 ] 

Bernt M. Johnsen commented on DERBY-2108:
-----------------------------------------

Thanks for the comments.

Bryan: I am reluctant to tie use of ssl to whether e.g. javax.net.ssl.trustStore 
is defined, since jsse is provider based and that the chosen parameter may not 
be relevant for other providers than the one included in the JDK. 

On fallback to a clear-text connection: I think that should be up to the 
application to implement that, since we as DB implementors have no knowledge of 
the security requirements of the applications that will use Derby. 

Dan: Since a plain text client talking to an SSL-listening server will receive 
some gibberish, you'll get some DRDA protocol error message from the client. I 
think that may be improved with a suggestion that it might be an SSL server on 
the other end, since it also may be some completely different application 
talking an arbitrary protocol.

Making servers listen both on an SSL port and a plaintext port should be 
pretty straightforward to implement. It means that two different instances 
of ClientThread are needed. Should not be much work to do such an enhancement, 
although from a security point of view, I think the feature is of limited value.

> Implement SSL/TLS communication between client and server
> ---------------------------------------------------------
>
>                 Key: DERBY-2108
>                 URL: https://issues.apache.org/jira/browse/DERBY-2108
>             Project: Derby
>          Issue Type: New Feature
>          Components: Network Client, Network Server
>            Reporter: Bernt M. Johnsen
>         Assigned To: Bernt M. Johnsen
>             Fix For: 10.3.0.0
>
>         Attachments: DERBY-2108-first-cut.diff, DERBY-2108-first-cut.stat, 
> DERBY-2108-second-cut.diff, DERBY-2108-second-cut.stat, 
> DERBY-2108-third-cut.diff, DERBY-2108-third-cut.stat, SSLFuncSpect.txt
>
>
> Implement SSL/TLS communication between client and server

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
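
As an added example (not part of the original message and not Derby code), the following shows one way a plaintext client could recognise that an unexpected reply is a TLS record and attach the "it might be an SSL server" suggestion discussed above to its protocol error. The function names and sample byte strings are constructed for illustration.

```python
"""Heuristic: does an unexpected reply look like a TLS record?"""
import struct

# TLS record content types (RFC 5246 / RFC 8446).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound on a protected record's length


def parse_tls_record_header(data: bytes):
    """Return (type_name, minor_version, length) or None if not TLS-like."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3 or minor > 4:
        return None
    # Empty or oversized records are treated as "not TLS" by this heuristic.
    if length == 0 or length > MAX_RECORD_LEN:
        return None
    return CONTENT_TYPES[ctype], minor, length


def describe_reply(data: bytes) -> str:
    """Build the hint a plaintext client could attach to its protocol error."""
    if not data:
        return "connection closed without a reply"
    hdr = parse_tls_record_header(data)
    if hdr is None:
        return "reply is not the expected protocol (unknown peer application)"
    name, _minor, length = hdr
    hint = ("reply looks like a TLS %s record; "
            "the server may be listening with SSL/TLS" % name)
    # An alert body is two bytes: level (1 warning, 2 fatal) and description.
    if name == "alert" and length == 2 and len(data) >= 7:
        level = {1: "warning", 2: "fatal"}.get(data[5], "unknown")
        hint += " (%s alert, description %d)" % (level, data[6])
    return hint


# Constructed sample replies, not captured from a real Derby server.
SAMPLE_TLS_ALERT = bytes([21, 3, 3, 0, 2, 2, 10])  # fatal unexpected_message
SAMPLE_OTHER = b"HTTP/1.1 400 Bad Request\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_TLS_ALERT, SAMPLE_OTHER, b""):
        print(describe_reply(sample))
```

The check is only a hint: any peer can emit bytes that happen to match a TLS record header, so the client should still report the underlying protocol error.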
