Martin Djukanovic created NUTCH-3030:
----------------------------------------
Summary: Update default TLS cipher suites for http(s) protocol
Key: NUTCH-3030
URL: https://issues.apache.org/jira/browse/NUTCH-3030
Project: Nutch
Issue Type: Improvement
Affects Versions: 1.19
Reporter: Martin Djukanovic
Attachments: default_ciphers_and_protocols-2.patch
If http.tls.supported.cipher.suites is not set in the configuration, it
defaults to a hard-coded list which is not exhaustive enough. I have
encountered websites that exclusively use ciphers which are not included, so
they could not be handled by protocol-http.
I changed this list to the system default -- SSLSocketFactory's
.getDefaultCipherSuites() to be precise. One could also use
.getSupportedCipherSuites() here, I suppose.
The original list should be moved to nutch-default.xml or omitted altogether.
The protocol list is still hard-coded, but it is now also added to
nutch-default.xml (so it can be easily changed manually if needed).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
