GitHub user robertdale opened a pull request:

    https://github.com/apache/tinkerpop/pull/912

    TINKERPOP-2023 SSL Enhancements

    https://issues.apache.org/jira/browse/TINKERPOP-2023
    
    Gremlin Server no longer supports automatically creating self-signed
    certificates.

    Cluster client no longer trusts all certs by default as this is an
    insecure configuration. (TINKERPOP-2022)
    If no trust store is configured, Cluster will use the default CA certs.
    To revert to the previous behavior and accept all certs, it must be
    explicitly configured.

    Introduces JKS and PKCS12 support. JKS is the legacy Java Key Store.
    PKCS12 has better cross-platform support and is gaining in adoption.
    Be aware that JKS is the default on Java 8. Java 9 and higher use
    PKCS12 as the default. Both Java keytool and OpenSSL tools can create,
    read, update PKCS12 files.

    Other new features include specifying SSL protocols and cipher suites.

    The packaged `*-secure.yaml` files now restrict the protocol to
    `TLSv1.2` by default.

    The implication of all of the above changes means that the packaged
    `*-secure.yaml` files no longer "just work". Minimally, the server
    files must be configured with a key/cert.

    PEM-based configurations are deprecated, to be removed in a future
    release.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/apache/tinkerpop TINKERPOP-2023

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/tinkerpop/pull/912.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #912
    
----
commit 14f99a46cc939d0dcfe0423a3db4611e90b0eb6f
Author: Robert Dale <robdale@...>
Date:   2018-08-12T01:12:50Z

    TINKERPOP-2023 new SSL client, server parameters

commit 317e81280ac1a2c1793d610f3e7fc538a00cab67
Author: Robert Dale <robdale@...>
Date:   2018-08-13T01:50:02Z

    TINKERPOP-2023 default to TLSv1.2, updated upgrade notes

commit 48347f235fa5b66268591732fe799ad0d14a4f8b
Author: Robert Dale <robdale@...>
Date:   2018-08-13T02:23:33Z

    TINKERPOP-2023 updated docs

commit 2da958b03dda0af828e8bccacac029e64c95c1cc
Author: Robert Dale <robdale@...>
Date:   2018-08-13T19:28:40Z

    TINKERPOP-2023 added tests and some fixes

----
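
An added example, not part of the pull request or of the project's packaged files, showing what the description above implies for configuration: a server `ssl` block with an explicit key store, a client that validates against a trust store, and the explicit opt-in to the old accept-all behaviour. The key names are those of the TinkerPop server and driver settings, which this message does not list, so check them against the reference documentation for your release; paths, host name and passwords are constructed placeholders.

```yaml
# Gremlin Server: ssl section of a *-secure.yaml file.
# A self-signed certificate is no longer generated, so a key store is required.
ssl: {
  enabled: true,
  keyStore: /etc/gremlin/server.p12,      # placeholder path
  keyStorePassword: changeit,             # placeholder secret
  keyStoreType: PKCS12,                   # JKS is the default on Java 8
  sslEnabledProtocols: [TLSv1.2],
  # Optional: pin cipher suites (JSSE names; must suit the server key type).
  sslCipherSuites: [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
}
---
# Driver (Cluster) configuration: validate the server against a private CA.
# With no trustStore configured, the JVM default CA certificates are used.
hosts: [graph.example.internal]           # placeholder host
port: 8182
connectionPool: {
  enableSsl: true,
  trustStore: /etc/gremlin/ca-trust.p12,  # placeholder path
  trustStorePassword: changeit,           # placeholder secret
  sslEnabledProtocols: [TLSv1.2]
}
---
# Driver configuration reproducing the previous behaviour.
# Every certificate is accepted, so the server is not authenticated;
# this must now be requested explicitly.
hosts: [graph.example.internal]           # placeholder host
port: 8182
connectionPool: {
  enableSsl: true,
  sslSkipCertValidation: true
}
```
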

