GitHub user anmolnar commented on a diff in the pull request: https://github.com/apache/zookeeper/pull/184#discussion_r195537620 --- Diff: src/java/main/org/apache/zookeeper/common/X509Util.java --- @@ -79,7 +91,7 @@ public X509Util() { String cipherSuitesInput = System.getProperty(cipherSuitesProperty); if (cipherSuitesInput == null) { - cipherSuites = null; + cipherSuites = getDefaultCipherSuites(); --- End diff -- Providing null as cipher suite list throws exception, but empty list is accepted. In which case SSL won't work, because there's no enabled cipher suite at all. Similarly if enabled suites and supported suites don't have anything in common, SSL is broken. I wouldn't intersect and wouldn't default on empty list. Just use whatever the user provided and don't do magic which otherwise has to be documented properly.
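Review bot: The `cipherSuitesInput == null` branch needs a comment or Javadoc stating what an unset property now means, since `cipherSuites = getDefaultCipherSuites();` replaces a `null` that other code may have read as "not configured". The body of `getDefaultCipherSuites()` is not visible in this hunk, so also confirm that it can never return an empty array, because per the comment above an empty list is accepted and leaves no cipher suite enabled.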
---
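The two failure modes raised in the comment above (a list that is set but empty, and a configured list that shares nothing with the supported suites) can be rejected at startup instead of surfacing later as handshake failures. This is an added example, not ZooKeeper code or part of the pull request; the class name `CipherSuiteCheck` and the method `resolve` are hypothetical, and the check is stricter than the comment's cases in that it rejects any unsupported name rather than only a fully disjoint list.

```java
import javax.net.ssl.SSLContext;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class CipherSuiteCheck {
    // Parses a comma-separated suite list and fails fast; no intersecting, no defaulting.
    // Returns null when nothing was configured, meaning "leave the provider's
    // enabled suites untouched" (the caller then skips setEnabledCipherSuites).
    static String[] resolve(String configured, String[] supported) {
        if (configured == null) {
            return null;
        }
        List<String> requested = new ArrayList<>();
        for (String name : configured.split(",")) {
            if (!name.trim().isEmpty()) {
                requested.add(name.trim());
            }
        }
        if (requested.isEmpty()) {
            throw new IllegalArgumentException("cipher suite list is set but empty");
        }
        Set<String> known = new HashSet<>(Arrays.asList(supported));
        List<String> unknown = new ArrayList<>(requested);
        unknown.removeAll(known);
        if (!unknown.isEmpty()) {
            throw new IllegalArgumentException("unsupported cipher suites: " + unknown);
        }
        return requested.toArray(new String[0]);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String[] supported = SSLContext.getDefault()
                .getSupportedSSLParameters().getCipherSuites();
        // Constructed inputs: unset, empty, a made-up name, one supported suite.
        String[] samples = {null, "", "TLS_NOT_A_REAL_SUITE", supported[0]};
        for (String sample : samples) {
            try {
                String[] r = resolve(sample, supported);
                System.out.println(sample + " -> "
                        + (r == null ? "provider defaults" : Arrays.toString(r)));
            } catch (IllegalArgumentException e) {
                System.out.println("\"" + sample + "\" rejected: " + e.getMessage());
            }
        }
    }
}
```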