Github user tellison commented on the pull request:

    https://github.com/apache/spark/pull/6282#issuecomment-105611100
  
    @srowen well it comes down to the protocol and encryption that people 
choose to use for their SSL connections.  Some ciphers are stronger than 
others, and some have been compromised by Poodle / Bar Mitzvah / Freak etc. 
exploits.
    
    The two names listed in the patch are common to IBM's and Oracle's 
provider, but anyone who wanted to be serious about encryption should be 
looking at the provider's supported set and choosing a set of names that are 
well supported by clients and offer a high degree of security.  That changes as 
each new vulnerability is discovered, and indeed the set of supported cipher 
suite names changes by JDK release.
    
    To answer your question, this makes the SSLSampleConfig in the tests use 
suite names that are more widely supported today, but people who configure an 
SSLOptions (plus key store and trust store) for production use should not just 
clone the test code, and these names used in the tests will likely need to be 
reviewed as JDKs are updated.


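The comment's advice to check the provider's supported set before choosing suite names can be done programmatically. The following is an added example, not code from the pull request or from Spark: the class name, the candidate list and the weak-name markers are constructed for illustration, and only standard JSSE calls are used.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class CipherSuiteCheck {
    // Constructed candidate list for illustration; not the names from the patch.
    static final List<String> CANDIDATES = Arrays.asList(
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_RC4_128_SHA",          // RC4 (Bar Mitzvah)
        "SSL_RSA_EXPORT_WITH_RC4_40_MD5");   // export-grade (Freak)

    // Name fragments of suites that should not be enabled (assumed policy).
    static final List<String> WEAK_MARKERS =
        Arrays.asList("_RC4_", "_EXPORT_", "_NULL_", "_anon_");

    static boolean isWeak(String suite) {
        for (String m : WEAK_MARKERS) if (suite.contains(m)) return true;
        return false;
    }

    /** Keep candidates the provider supports and that carry no weak marker. */
    static List<String> usable(List<String> candidates, Set<String> supported) {
        List<String> out = new ArrayList<>();
        for (String s : candidates) {
            if (!supported.contains(s)) System.out.println("unsupported here:   " + s);
            else if (isWeak(s)) System.out.println("supported but weak: " + s);
            else out.add(s);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // What this JDK's default provider can do, not what it enables by default.
        SSLParameters p = SSLContext.getDefault().getSupportedSSLParameters();
        Set<String> supported = new LinkedHashSet<>(Arrays.asList(p.getCipherSuites()));
        System.out.println(System.getProperty("java.vendor") + " "
            + System.getProperty("java.version"));
        List<String> protocols = new ArrayList<>(Arrays.asList(p.getProtocols()));
        protocols.removeIf(x -> x.equals("SSLv3"));   // Poodle
        System.out.println("protocols to enable: " + protocols);
        System.out.println("suites to enable:    " + usable(CANDIDATES, supported));
    }
}
```

Running it on each JDK vendor and release that must interoperate shows which candidate names every provider accepts, which is the review step the comment says has to be repeated as JDKs are updated.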