The ssl.properties should be configurable from user perspective. I don't think put those files into the resources to release is best practices. Please go ahead remove it by adding the issue link of netty.
Willem Jiang Twitter: willemjiang Weibo: 姜宁willem On Thu, Nov 14, 2019 at 9:50 PM Zhang Lei <coolbee...@gmail.com> wrote: > > Hi, Pack Team > > Netty provides native socket transport[1] for Linux and macOS, In order to > support it, I need to upgrade Netty to the new version. But there are some > problems[2] with the SSL test case after the upgrade. > > Boringssl does not support cipher ECDHE-ECDSA-AES128-SHA256, You can see it > in this commit [3] > > ECDHE-ECDSA-AES128-SHA256 is openssl cipher name and > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is RFC cipher name, they are the > same > > So I recommend removing cipher ECDHE-ECDSA-AES128-SHA256 from the file > below. > https://github.com/apache/servicecomb-pack/blob/master/omega/omega-connector/omega-connector-grpc/src/main/resources/ssl.properties > https://github.com/apache/servicecomb-pack/blob/master/omega/omega-connector/omega-connector-grpc/src/test/java/org/apache/servicecomb/pack/omega/connector/grpc/saga/SagaLoadBalanceSenderWithTLSTest.java > https://github.com/apache/servicecomb-pack/blob/master/alpha/alpha-server/src/main/resources/ssl.properties > https://github.com/apache/servicecomb-pack/blob/master/alpha/alpha-server/src/test/java/org/apache/servicecomb/pack/alpha/server/AlphaIntegrationWithSSLTest.java > > > [1] https://netty.io/wiki/native-transports.html > [2] https://github.com/netty/netty/issues/9775 > [3] > https://github.com/google/boringssl/commit/6e678eeb6e76171712ae00d467321b6fe196152d > > > Best regards, > Lei Zhang
