[GitHub] zhouxinyu closed pull request #194: [ROCKETMQ-315]Enhance TLS default settings

GitBox Fri, 01 Dec 2017 03:53:47 -0800

zhouxinyu closed pull request #194: [ROCKETMQ-315]Enhance TLS default settings
URL: https://github.com/apache/rocketmq/pull/194


This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java 
b/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java
index e9237b67..a066652d 100644
--- a/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java
+++ b/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java
@@ -98,7 +98,7 @@ public static BrokerController 
createBrokerController(String[] args) {
             final BrokerConfig brokerConfig = new BrokerConfig();
             final NettyServerConfig nettyServerConfig = new 
NettyServerConfig();
             final NettyClientConfig nettyClientConfig = new 
NettyClientConfig();
-            nettyClientConfig.setUseTLS(NettySystemConfig.sslMode != 
SslMode.DISABLED);
+            nettyClientConfig.setUseTLS(NettySystemConfig.sslMode == 
SslMode.ENFORCING);
             nettyServerConfig.setListenPort(10911);
             final MessageStoreConfig messageStoreConfig = new 
MessageStoreConfig();
 
diff --git 
a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java
 
b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java
index 28a7f275..b9c1f3fa 100644
--- 
a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java
+++ 
b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java
@@ -57,7 +57,7 @@
      * </ol>
      */
     public static SslMode sslMode = //
-        
SslMode.parse(System.getProperty(ORG_APACHE_ROCKETMQ_REMOTING_SSL_MODE, 
"disabled"));
+        
SslMode.parse(System.getProperty(ORG_APACHE_ROCKETMQ_REMOTING_SSL_MODE, 
"permissive"));
 
     public static String sslConfigFile = //
         System.getProperty(ORG_APACHE_ROCKETMQ_REMOTING_SSL_CONFIG_FILE, 
"/etc/rocketmq/ssl.properties");


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

[GitHub] zhouxinyu closed pull request #194: [ROCKETMQ-315]Enhance TLS default settings

Reply via email to