On 30.09.2015 11:18, Nikolay Tikhonov wrote: > SslContextFactory allows to set different encryption protocols (by default > TLS). I think that just "ssl" confuses users. Might be "ssl\tls=off" more > acceptable?
SSL is one (rather old) specification of Transport Layer Security (TLS). These days, you shouldn't be using any version of the SSL protocol; they all have unfixable security holes. To be moderately safe, you should implement TLS v1.2 with fallback allowed to TLS v1.0 but not lower. Even then, certificates should use at least SHA256, preferably SHA512; SHA1 is no longer considered secure. I don't recall offhand which ciphers are considered secure, but there aren't very many of them. -- Brane > On Wed, Sep 30, 2015 at 11:53 AM, Dmitriy Setrakyan <dsetrak...@apache.org> > wrote: > >> On Wed, Sep 30, 2015 at 10:18 AM, Alexey Goncharuk < >> alexey.goncha...@gmail.com> wrote: >> >>> Given that encryption is enabled by setting SslContextFactory, I believe >>> that SSL is the only option. I am +1 for changing the output. >>> >> I changed it and committed to master. >> >> >>> 2015-09-30 10:21 GMT+03:00 Dmitriy Setrakyan <dsetrak...@apache.org>: >>> >>>> On Wed, Sep 30, 2015 at 8:01 AM, Sergey Kozlov <skoz...@gridgain.com> >>>> wrote: >>>> >>>>> On Wed, Sep 30, 2015 at 4:51 AM, Dmitriy Setrakyan < >>>> dsetrak...@apache.org> >>>>> wrote: >>>>> >>>>>> I got the following printout on 1.4 startup: >>>>>> --------- >>>>>> Security status [authentication=off, communication encryption=off] >>>>>> --------- >>>>>> >>>>>> Do we mean SSL by "communication encryption"? If yes, shouldn't we >>> just >>>>> say >>>>>> "ssl=off"? >>>>> >>>>>> D. >>>>>> >>>>> Yes, in that case communication encryption is SSL >>>>> >>>> Do we have another case? If not, let's rename to "ssl", shorter and to >>> the >>>> point. I think this can be done directly in the master. Any objections? >>>> >>>>> -- >>>>> Sergey Kozlov >>>>>
