[jira] [Commented] (GEODE-8419) SSL/TLS protocol and cipher suite configuration is ignored

Tue, 18 Aug 2020 16:01:01 -0700 


    [ 
https://issues.apache.org/jira/browse/GEODE-8419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17180151#comment-17180151
 ] 

ASF GitHub Bot commented on GEODE-8419:
---------------------------------------

bschuchardt commented on a change in pull request #5465:
URL: https://github.com/apache/geode/pull/5465#discussion_r472539017



##########
File path: 
geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
##########
@@ -98,6 +102,30 @@ private void testBindExceptionMessageFormatting(InetAddress 
inetAddress) throws
     }
   }
 
+  @Test
+  public void configureSSLEngine() {
+    SSLConfig config = new 
SSLConfig.Builder().setCiphers("someCipher").setEnabled(true)

Review comment:
       Yes!  I'm having lots of "fun" with "any" this week and that's an 
excellent idea.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> SSL/TLS protocol and cipher suite configuration is ignored
> ----------------------------------------------------------
>
>                 Key: GEODE-8419
>                 URL: https://issues.apache.org/jira/browse/GEODE-8419
>             Project: Geode
>          Issue Type: Bug
>          Components: client/server, membership, security
>    Affects Versions: 1.10.0, 1.11.0, 1.12.0, 1.13.0, 1.14.0
>            Reporter: Jacob Barrett
>            Assignee: Bruce J Schuchardt
>            Priority: Major
>              Labels: pull-request-available
>
> Configuring {{ssl-protocols}} or {{ssl-ciphers}} properties, or per-component 
> ssl properties, have no effect. Configuring {{ssl-protocols}} may effect the 
> {{SSLContext}} selected and limit some of the protocols allowed but does not 
> restrict to just the set specified in the property. The {{ssl-ciphers}} 
> property does not limit cipher selection at all.
> The result is that all ciphers allowed under the match {{SSLContext}} are 
> allowed and negotiated. This can result in an unintended cipher being used in 
> SSL/TLS communication. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to