[jira] [Commented] (PROTON-1565) dont throw if the anonymous ciphers are not supported

Thu, 31 Aug 2017 04:02:00 -0700 

    [ 
https://issues.apache.org/jira/browse/PROTON-1565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16148829#comment-16148829
 ] 

ASF subversion and git services commented on PROTON-1565:
---------------------------------------------------------

Commit 8417d9a80990ccd40c89c66edc90b2b0a9fbdfd2 in qpid-proton-j's branch 
refs/heads/master from [~gemmellr]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-proton-j.git;h=8417d9a ]

PROTON-1565: don't throw if the anonymous ciphers are not supported


> dont throw if the anonymous ciphers are not supported
> -----------------------------------------------------
>
>                 Key: PROTON-1565
>                 URL: https://issues.apache.org/jira/browse/PROTON-1565
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-j
>    Affects Versions: proton-j-0.20.0
>            Reporter: Robbie Gemmell
>            Assignee: Robbie Gemmell
>             Fix For: proton-j-0.21.0
>
>
> When the 'anonymous peer' ssl verify mode is used the transport ssl wrapper 
> tries to additionally enable the anonymous ciphers and throws if it fails to 
> enable any of them. The JVM has config to control which ciphers are 
> supported, and if they aren't supported, they obviously can't be enabled; 
> some environments disable support for them by default, and others may 
> explicitly choose to. In that scenario the transport ssl layer fails to 
> operate even where an anonymous cipher wasn't ultimately going to be used 
> (that exact scenario observed in a test failure on Fedora26 with its packaged 
> OpenJDK8).
> As this situation isn't really much different than other scenarios a client 
> and server might fail to agree on a cipher and fail, it doesn't seem that it 
> need be special cased. Removing the throw would allow scenarios which could 
> succeed to continue on and do so, while those that would fail doing so.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to