Robbie Gemmell created PROTON-1565:
--------------------------------------
Summary: dont throw if the anonymous ciphers are not supported
Key: PROTON-1565
URL: https://issues.apache.org/jira/browse/PROTON-1565
Project: Qpid Proton
Issue Type: Bug
Components: proton-j
Affects Versions: proton-j-0.20.0
Reporter: Robbie Gemmell
Assignee: Robbie Gemmell
Fix For: proton-j-0.21.0
When the 'anonymous peer' ssl verify mode is used the transport ssl wrapper
tries to additionally enable the anonymous ciphers and throws if it fails to
enable any of them. The JVM has config to control which ciphers are supported,
and if they aren't supported, they obviously can't be enabled; some
environments disable support for them by default, and others may explicitly
choose to. In that scenario the transport ssl layer fails to operate even where
an anonymous cipher wasn't ultimately going to be used (that exact scenario
observed in a test failure on Fedora26 with its packaged OpenJDK8).
As this situation isn't really much different than other scenarios a client and
server might fail to agree on a cipher and fail, it doesn't seem that it need
be special cased. Removing the throw would allow scenarios which could succeed
to continue on and do so, while those that would fail doing so.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
