[
https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16138259#comment-16138259
]
Ilya Kasnacheev commented on IGNITE-6167:
-----------------------------------------
[~jens.borgland] You can create your own subclass of SslContextFactory,
overriding create(), which will return your own SSLContext, overriding
getSocketFactory() and getServerSocketFactory() and returning custom socket
factories. Anything obvious I am missing? Seems doable. Of course the usability
of that solution is suboptimal.
> Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled
> TLS protocols and cipher suites
> ------------------------------------------------------------------------------------------------------------
>
> Key: IGNITE-6167
> URL: https://issues.apache.org/jira/browse/IGNITE-6167
> Project: Ignite
> Issue Type: Wish
> Affects Versions: 2.1
> Reporter: Jens Borgland
>
> It would be very useful to be able to, in addition to the
> {{javax.net.ssl.SSLContext}}, either specify a custom
> {{javax.net.ssl.SSLServerSocketFactory}} and a custom
> {{javax.net.ssl.SSLSocketFactory}}, or to be able to at least specify the
> enabled TLS protocols and cipher suites.
> I have noticed that the
> {{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}} has support for
> the latter but I cannot find a way of getting a reference to the filter
> instance. The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as
> far as I can tell.
> Currently (as far as I can tell) there is no way of specifying the enabled
> cipher suites and protocols used by Ignite, without doing it globally for the
> JRE.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
