[ http://issues.apache.org/jira/browse/QPID-6?page=comments#action_12438677 ] John O'Hara commented on QPID-6: --------------------------------
Actually, SSL contains a lot of cipher suites. We should make the server warn when a weak cipther suite is selected by a client. We should also make the server negotiate down a list from strongest to weakest. Some regions of the world still bar strong crypto, so this should be a warning in the server log, not an error. > Need to make SSL options configurable > ------------------------------------- > > Key: QPID-6 > URL: http://issues.apache.org/jira/browse/QPID-6 > Project: Qpid > Issue Type: Improvement > Components: Java Broker > Reporter: Martin Ritchie > > In both the client and broker, the SSL support lacks the ability to configure > basically anything. > We need to be able to allow the user/administration to configure the > certificate, keystore and so on. > On the broker, look at org.amqp.blaze.server.protocol.AMQPFastProtocolHandler > line 97. From there trace into the org.amqp.blaze.ssl.BogusSSLContextFactory > which is the class that hardcodes stuff in a way that is very useful for a > dev environment! > Basically the task in this jira is to make this whole area fully > configurable. > -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
