[ 
https://issues.apache.org/jira/browse/GEODE-8070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17102690#comment-17102690
 ] 

ASF subversion and git services commented on GEODE-8070:
--------------------------------------------------------

Commit 5606fad531d5897d315e0d4172a54269598c396a in geode's branch 
refs/heads/feature/GEODE-8070 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=5606fad ]

GEODE-8070: rework handling of "any" in SSLUtils

Rewrite of the sslContext location method to fix these problems:
  requesting a specific but non-existent protocol would not result in an
  exception

  requesting "any" (the default) would result in a less-secure protocol
  than is actually available (e.g., SSL instead of TLSv1.2)

I also changed processing so that if "any" is in the list but none of
the default protocols are available we continue to search through the
provided list.  For instance, {X, any, Y} would result in a search for Y
if X and all of the default protocols cannot be found.


> rework handling of "any" in SSLUtils
> ------------------------------------
>
>                 Key: GEODE-8070
>                 URL: https://issues.apache.org/jira/browse/GEODE-8070
>             Project: Geode
>          Issue Type: Bug
>          Components: membership
>            Reporter: Bruce J Schuchardt
>            Assignee: Bruce J Schuchardt
>            Priority: Major
>
> SSLUtil has a list of "known" TLS protocols.  It should support TLSv1.3.
>  
> {noformat}
> // lookup known algorithms
> String[] knownAlgorithms = {"SSL", "SSLv2", "SSLv3", "TLS", "TLSv1", 
> "TLSv1.1", "TLSv1.2"};
> for (String algo : knownAlgorithms) {
>   try {
>     sslContext = SSLContext.getInstance(algo);
>     break;
>   } catch (NoSuchAlgorithmException e) {
>     // continue
>   }
> }
> {noformat}
> We probably can't fully test this change since not all JDKs we test with 
> support v1.3 at this time.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
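
The search order the commit message describes, as an added sketch that is not Geode's SSLUtils code: the class name, method name and the strongest-first default list used for "any" are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;

class SslContextLookup {
  // Assumed expansion of "any", strongest first (not Geode's actual list).
  private static final String[] DEFAULT_PROTOCOLS = {"TLSv1.3", "TLSv1.2"};

  /** Returns the first available SSLContext, searching the requested protocols in order. */
  static SSLContext findContext(String... requested) throws NoSuchAlgorithmException {
    for (String protocol : requested) {
      // "any" expands to the defaults; every other entry is tried as given.
      String[] candidates =
          "any".equalsIgnoreCase(protocol) ? DEFAULT_PROTOCOLS : new String[] {protocol};
      for (String candidate : candidates) {
        try {
          return SSLContext.getInstance(candidate);
        } catch (NoSuchAlgorithmException e) {
          // Not provided by this JDK; keep searching the rest of the list.
        }
      }
    }
    // Nothing in the list (including the defaults, if "any" was present) exists.
    throw new NoSuchAlgorithmException(
        "No SSLContext available for " + String.join(",", requested));
  }

  public static void main(String[] args) throws Exception {
    // "any" resolves to the strongest default this JDK supports.
    System.out.println(findContext("any").getProtocol());
    // {X, any, Y}: X is unknown, so the search falls through to the defaults, then Y.
    System.out.println(findContext("NoSuchProto", "any", "TLSv1.1").getProtocol());
    // A specific protocol that does not exist is reported instead of being replaced.
    try {
      findContext("NoSuchProto");
    } catch (NoSuchAlgorithmException expected) {
      System.out.println("rejected: " + expected.getMessage());
    }
  }
}
```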
