[ https://issues.apache.org/jira/browse/NUTCH-3030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17819171#comment-17819171 ]
Martin Djukanovic commented on NUTCH-3030:
------------------------------------------

In my mind, the point of http.tls.supported.cipher.suites is for the user to introduce restrictions, so the default should be as broad as possible and this is something that should arguably not be done by exhaustive listing.

> Update default TLS cipher suites for http(s) protocol
> -----------------------------------------------------
>
>                 Key: NUTCH-3030
>                 URL: https://issues.apache.org/jira/browse/NUTCH-3030
>             Project: Nutch
>          Issue Type: Improvement
>    Affects Versions: 1.19
>            Reporter: Martin Djukanovic
>            Assignee: Markus Jelsma
>            Priority: Minor
>         Attachments: NUTCH-3030.patch, default_ciphers_and_protocols-2.patch
>
>
> If http.tls.supported.cipher.suites is not set in the configuration, it
> defaults to a hard-coded list which is not exhaustive enough. I have
> encountered websites that exclusively use ciphers which are not included, so
> they could not be handled by protocol-http.
> I changed this list to the system default -- SSLSocketFactory's
> .getDefaultCipherSuites() to be precise. One could also use
> .getSupportedCipherSuites() here, I suppose.
> The original list should be moved to nutch-default.xml or omitted altogether.
> The protocol list is still hard-coded, but it is now also added to
> nutch-default.xml (so it can be easily changed manually if needed).

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
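
The fallback discussed in this issue, as an added example that is not part of the message above and is not taken from the attached patches or from Nutch: when the property is unset the JVM's default suites are used, and when it is set it acts as a restriction filtered against what the JVM supports. The class `CipherSuiteResolver`, the method `resolve` and the sample property value are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper for illustration; not Nutch code.
public class CipherSuiteResolver {

  /** JVM defaults when the property is unset, else the configured names this JVM supports. */
  static String[] resolve(String configured, String[] jvmDefault, String[] jvmSupported) {
    if (configured == null || configured.trim().isEmpty()) {
      return jvmDefault.clone();
    }
    Set<String> supported = new LinkedHashSet<>(Arrays.asList(jvmSupported));
    List<String> enabled = new ArrayList<>();
    for (String raw : configured.split(",")) {
      String name = raw.trim();
      if (name.isEmpty()) continue;
      if (supported.contains(name)) {
        enabled.add(name);
      } else {
        // SSLSocket.setEnabledCipherSuites() rejects unsupported names, so drop them here.
        System.err.println("Skipping cipher suite not supported by this JVM: " + name);
      }
    }
    if (enabled.isEmpty()) {
      throw new IllegalStateException("No configured cipher suite is supported by this JVM");
    }
    return enabled.toArray(new String[0]);
  }

  public static void main(String[] args) {
    SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    String[] def = factory.getDefaultCipherSuites();
    String[] sup = factory.getSupportedCipherSuites();
    // Property unset: follow the JVM default list.
    System.out.println("unset -> " + resolve(null, def, sup).length + " suites (JVM default)");
    // Constructed sample value: one standard TLS 1.2 suite plus one bogus name.
    String sample = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, NOT_A_REAL_SUITE";
    System.out.println("set   -> " + Arrays.toString(resolve(sample, def, sup)));
    // Suites the JVM can negotiate but leaves disabled by default.
    Set<String> extra = new LinkedHashSet<>(Arrays.asList(sup));
    extra.removeAll(Arrays.asList(def));
    System.out.println("supported but not default: " + extra);
  }
}
```

The last line of output shows what switching from `getDefaultCipherSuites()` to `getSupportedCipherSuites()` would additionally enable on a given JVM; the JSSE documentation notes that the supported list may include suites left out of the defaults because they do not meet the default quality-of-service requirements.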