[ https://issues.apache.org/jira/browse/GEODE-8070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17102690#comment-17102690 ]
ASF subversion and git services commented on GEODE-8070:
--------------------------------------------------------

Commit 5606fad531d5897d315e0d4172a54269598c396a in geode's branch refs/heads/feature/GEODE-8070 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=5606fad ]

GEODE-8070: rework handling of "any" in SSLUtils

Rewrite of the sslContext location method to fix these problems:

* requesting a specific but non-existent protocol would not result in an exception
* requesting "any" (the default) would result in a less-secure protocol than is actually available (e.g., SSL instead of TLSv1.2)

I also changed processing so that if "any" is in the list but none of the default protocols are available we continue to search through the provided list. For instance, {X, any, Y} would result in a search for Y if X and all of the default protocols cannot be found.


> rework handling of "any" in SSLUtils
> ------------------------------------
>
>                 Key: GEODE-8070
>                 URL: https://issues.apache.org/jira/browse/GEODE-8070
>             Project: Geode
>          Issue Type: Bug
>          Components: membership
>            Reporter: Bruce J Schuchardt
>            Assignee: Bruce J Schuchardt
>            Priority: Major
>
> SSLUtil has a list of "known" TLS protocols. It should support TLSv1.3.
>
> {noformat}
>     // lookup known algorithms
>     String[] knownAlgorithms = {"SSL", "SSLv2", "SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2"};
>     for (String algo : knownAlgorithms) {
>       try {
>         sslContext = SSLContext.getInstance(algo);
>         break;
>       } catch (NoSuchAlgorithmException e) {
>         // continue
>       }
>     }
> {noformat}
> We probably can't fully test this change since not all JDKs we test with support v1.3 at this time.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
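
The search order the commit message describes, written out as an added example; this is not Geode's code. The class name, the `findContext` method and the `DEFAULT_ORDER` list (strongest protocol first) are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLContext;

public class ProtocolSelectionExample {
  // Assumed expansion of "any", strongest first (hypothetical, not Geode's list).
  static final List<String> DEFAULT_ORDER =
      Arrays.asList("TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1");

  /** Returns a context for the first available protocol, expanding "any" in place. */
  static SSLContext findContext(String... requested) throws NoSuchAlgorithmException {
    for (String protocol : requested) {
      List<String> candidates = "any".equalsIgnoreCase(protocol)
          ? DEFAULT_ORDER
          : Collections.singletonList(protocol);
      for (String candidate : candidates) {
        try {
          return SSLContext.getInstance(candidate);
        } catch (NoSuchAlgorithmException e) {
          // Not provided by this JDK: try the next candidate, then the next entry.
        }
      }
    }
    // Nothing in the list could be found: fail instead of returning null.
    throw new NoSuchAlgorithmException(
        "No SSLContext available for " + Arrays.toString(requested));
  }

  public static void main(String[] args) throws NoSuchAlgorithmException {
    // "any" resolves to the strongest protocol this JDK provides.
    System.out.println(findContext("any").getProtocol());
    // {X, any, Y}: X is unavailable, so the search moves on through "any".
    System.out.println(findContext("NoSuchProtocol", "any", "TLSv1").getProtocol());
    // A specific but non-existent protocol is reported, not silently ignored.
    try {
      findContext("NoSuchProtocol");
    } catch (NoSuchAlgorithmException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

The name passed to `SSLContext.getInstance` selects a context implementation; the versions a connection actually negotiates are still governed by the enabled protocols set on the socket or engine.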