Re: Geronimo Java Mail 1.6 in TomEE 8.0.5 -> TLS 1.2 / 1.3 Support?

2020-12-03 Thread Bernd Eckenfels
Hello,

Yes I agree, the ciphers would be its own (security) issue.

And it might not be so simple to fix, as mail servers are notoriously outdated 
and TLS-sloppy. Luckily the JDK already has some provisions for demoting 
old/deprecated ciphers and also for disabling most of the unusable insecure ones 
in the supported list (but still, this weakening of the JDK defaults should be 
opt-in).

BTW, I haven't checked all of the code; if you are requesting a TLS context, there 
might be another point to look out for protocol names (very unfortunate API 
design, I must say). I imagine this might be needed for the STARTTLS code?

Regards
Bernd


--
http://bernd.eckenfels.net


From: Zowalla, Richard 
Sent: Thursday, December 3, 2020 1:48 PM
To: dev@geronimo.apache.org
Subject: Re: Re: Geronimo Java Mail 1.6 in TomEE 8.0.5 -> TLS 1.2 / 1.3 Support?

Hi Bernd,

@1: I think the original intention of the code (before the PR) was to
disallow the use of sslv2 or sslv3 for the tls handling code, thus the
hard-coding to tlsv1, as ssl is handled in another part of the class.
But I agree that we could remove the "else" and consequently all kinds
of hard-coded TLS config. In this way, we would trust in the jdk
defaults.

@2: I think that the aspect related to cyphers would be a separate
issue / PR. I agree that enabling all available cyphers (L602/L603) is
not a good idea in general, but this code hasn't changed in the
proposed PR :)


wdyt?

Best
Richard

On Thursday, 03.12.2020, 12:11 +, Bernd Eckenfels wrote:
> Hello,
>
> Allowing protocols to be configured is good, but I am not sure why
> you fall back to a hand-selected list if no configuration is given;
> why not simply use the JDK defaults? They are frequently adjusted
> (just recently the older TLS versions got removed).
>
> Along this line, why enable all supported ciphers? There is a good
> reason why the JDK disables many. I would stick to the default
> ciphers (and protocols).
>
> Regards
> Bernd
> --
> http://bernd.eckenfels.net
>
> From: Zowalla, Richard 
> Sent: Wednesday, December 2, 2020 4:57 PM
> To: dev@geronimo.apache.org
> Subject: Re: Re: Geronimo Java Mail 1.6 in TomEE 8.0.5 -> TLS 1.2 /
> 1.3 Support?
>
> Should be fixed now.
>
> On Wednesday, 02.12.2020, 15:32 +, Zowalla, Richard wrote:
> > It is indeed
> >
> > mail..ssl.socketFactory.class
> >
> > (see line 88, MailConnection#MAIL_SSL_FACTORY_CLASS -> uses
> > reflection to create an instance of the specified factory.
> >
> > or
> >
> > mail..ssl.socketFactory
> >
> > (which requires adding a pre-configured and instantiated factory
> > instance into the properties of the mail session)
> >
> > To be complete, I will add this way to the README as well.
> >
> > On Wednesday, 02.12.2020, 16:24 +0100, Romain Manni-Bucau wrote:
> > > Isn't the property mail..ssl.socketFactory ?
> > >
> > > Romain Manni-Bucau
> > > @rmannibucau
> > >
> > >
> > > On Wed, Dec 2, 2020 at 16:09, Zowalla, Richard <
> > > richard.zowa...@hs-heilbronn.de> wrote:
> > > > Okay. Thanks for the feedback - today, I learned a lot about the
> > > > insides of Javamail :)
> > > >
> > > > I have updated my PR:
> > > >
> > > > - Updated README.txt to contain some documentation about setting
> > > > a custom ssl socket factory
> > > > - Dropped TLSv1 in the fallback protocols (if no custom set
> > > > properties are present)
> > > >
> > > > Thanks,
> > > > Richard
> > > >
> > > >
> > > > On Wednesday, 02.12.2020, 15:29 +0100, Romain Manni-Bucau wrote:
> > > > > Guess you can just create a readme in the geronimo-javamail root
> > > > > project, will be sufficient as a first step.
> > > > > About the default, I wonder if dropping tlsv1 can't be good since
> > > > > it will be dropped soon?
> > > > > Otherwise just adding the missing "o" in protocols I'm fine with
> > > > > your proposal.
> > > > >
> > > > > We need to refine if we do a javamail subsite or a generic spec
> > > > > subsite still :s.
> > > > >
> > > > > Romain Manni-Bucau
> > > > > @rmannibucau
> > > > >
> > > > >
> > > > > On Wed, Dec 2, 2020 at 15:26, Zowalla, Richard <
> > > > > richard.zowa...@hs-heilbronn.de> wrote:
> > > > > > I updated the diff (cf. v2) to (hopefully) address the concerns
> > > > > > raised (if I understood them correctly).
> > > > > >
> > > > > > If you point me to a location where I can add a README /
> > > > > > documentation, I would be happy to file another JIRA with a
> > > > > > related PR to document the usage of the custom ssl socket factory.
> > > > > >
> > > > > > On Wednesday, 02.12.2020, 13:58 +, Zowalla, Richard wrote:
> > > > > > > Thanks for your thoughts - I think, I get the idea.
> > > > > > >
> > > > > > > Maybe:
> > > > > > >
> > > > > > > - Using "mail.smtp.ssl.protocls" to 

[RESULT] [VOTE] Release geronimo-openapi-1.0.14

2020-12-03 Thread Romain Manni-Bucau
So this vote passes since we passed the 3 days and we have enough bindings
for a total of 7 +1 (no other votes).

Thank you all!

Romain Manni-Bucau
@rmannibucau



On Thu, Dec 3, 2020 at 17:49, Jean-Louis MONTEIRO wrote:

> +1
>
> On Thu, Dec 3, 2020 at 17:40, Romain Manni-Bucau wrote:
>
>> My own +1
>>
>> Romain Manni-Bucau
>> @rmannibucau
>>
>>
>> On Mon, Nov 30, 2020 at 16:06, Daniel Dias Dos Santos <
>> daniel.dias.analist...@gmail.com> wrote:
>>
>>> +1
>>>
>>> On Mon, Nov 30, 2020, 11:10 Daniel Cunha wrote:
>>>
>>>> +1
>>>>
>>>> On Mon, Nov 30, 2020 at 10:32, Francois Papon <
>>>> francois.pa...@openobject.fr> wrote:
>>>>
>>>>> +1 (non-binding)
>>>>>
>>>>> regards,
>>>>>
>>>>> François
>>>>> fpa...@apache.org
>>>>>
>>>>> On 30/11/2020 at 11:53, Romain Manni-Bucau wrote:
>>>>>
>>>>> Hi everyone,
>>>>>
>>>>> Here is the vote for Geronimo OpenAPI 1.0.14.
>>>>> Here is the changelog:
>>>>>
>>>>> Priority | Type | Key | Summary | Assignee | Status
>>>>> Major | Task | GERONIMO-6786 | Support @BeanParam | Romain Manni-Bucau | RESOLVED
>>>>> Major | Bug | GERONIMO-6787 | openapi.json should land in META-INF/resources by default not META-INF/classes | Romain Manni-Bucau | RESOLVED
>>>>> Major | Task | GERONIMO-6788 | Make JAXRS optional for schema processor + support BigDecimal/BigInteger and Object | Romain Manni-Bucau | RESOLVED
>>>>> Major | New Feature | GERONIMO-6790 | Enable to use SchemaProcessor without jaxrs | Romain Manni-Bucau | RESOLVED
>>>>>
>>>>> Here is the staging repo:
>>>>> https://repository.apache.org/content/repositories/orgapachegeronimo-1135/
>>>>> Here is the dist area:
>>>>> https://dist.apache.org/repos/dist/dev/geronimo/openapi/
>>>>> Here is the tag:
>>>>> https://gitbox.apache.org/repos/asf?p=geronimo-openapi.git;a=commit;h=ed7112a2fea3c38b1bbe80d7ff534a0af49fa619
>>>>> My key is the same as last time.
>>>>>
>>>>> Please vote:
>>>>>
>>>>> [ ] +1 release it
>>>>> [ ] -1 ${cause}
>>>>>
>>>>> Vote will be open for 3 days or until we get 3 +1 bindings.
>>>>>
>>>>> Romain Manni-Bucau
>>>>> @rmannibucau
>>>>>
>>>>
>>>> --
>>>> Daniel "soro" Cunha
>>>> https://twitter.com/dvlc_
>>>>
>>>
>
> --
> Jean-Louis
>


Re: [VOTE] Release geronimo-openapi-1.0.14

2020-12-03 Thread Jean-Louis MONTEIRO
+1

-- 
Jean-Louis


Re: [VOTE] Release geronimo-openapi-1.0.14

2020-12-03 Thread Romain Manni-Bucau
My own +1

Romain Manni-Bucau
@rmannibucau





[jira] [Commented] (GERONIMO-6792) Fix hard-coded TLSv1 version in MailConnection.java for Java Mail 1.6

2020-12-03 Thread Richard Zowalla (Jira)


[ 
https://issues.apache.org/jira/browse/GERONIMO-6792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17243205#comment-17243205
 ] 

Richard Zowalla commented on GERONIMO-6792:
---

Based on the discussion on the mailing list and the comments by [~b.eckenfels], 
I have provided an alternative diff (*GERONIMO-6792-v4-no-hardcoding.diff*), 
which uses the enabled protocols of the SSLSockets *as is* (and logs them as 
debug output).

Reason(s):
 * SSLSocket might be created by a custom factory. Consequently, we shouldn't 
simply override the enabled protocols by a static list.
 * In the most common case (no custom factory), the SSLSocket is created with 
JVM defaults, which are continuously updated. Thx [~b.eckenfels] for the hint.

 

 

> Fix hard-coded TLSv1 version in MailConnection.java for Java Mail 1.6
> -
>
> Key: GERONIMO-6792
> URL: https://issues.apache.org/jira/browse/GERONIMO-6792
> Project: Geronimo
>  Issue Type: Bug
>  Security Level: public(Regular issues) 
>  Components: mail
>Reporter: Richard Zowalla
>Priority: Major
> Attachments: GERONIMO-6792-v4-no-hardcoding.diff, 
> GERONIMO-6792-v4.diff
>
>
> Hi,
> I encountered some issues when using Geronimo Java Mail 1.6 (1.0.0) bundled 
> with TomEE 8.0.5. The related thread [1] can be found on the 
> [us...@tomee.apache.org|mailto:us...@tomee.apache.org] Mailing-List.
> In short: 
>  * Our mail server does only support TLS 1.2 or TLS 1.3
>  * Geronimo Java Mail 1.6 in version 1.0.0 has TLS 1.0 hard-coded in the 
> source and does not use the default protocols or the specified ones via 
> *mail.smtp.ssl.protocols* for a TLS connection.
> I have attached a patch created via SVN DIFF. 
> [1] [https://www.mail-archive.com/users@tomee.apache.org/msg17544.html]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
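
The behaviour this comment settles on, as an added example (not the attached diff and not Geronimo code): apply `mail.smtp.ssl.protocols` only when it is set, otherwise leave the socket's enabled protocols and cipher suites as its factory created them. The class and method names are hypothetical, and splitting the property value on whitespace or commas is an assumption.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Properties;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

// Added illustration; class and method names are hypothetical, not Geronimo code.
public class TlsProtocolSelection {

    // Property name as used in the thread. Splitting the value on whitespace
    // or commas is an assumption of this example.
    static final String PROTOCOLS_PROPERTY = "mail.smtp.ssl.protocols";

    /** Applies an explicit protocol list if one is configured; otherwise changes nothing. */
    static void applyProtocols(SSLSocket socket, Properties sessionProps) {
        String configured = sessionProps.getProperty(PROTOCOLS_PROPERTY);
        if (configured != null && !configured.trim().isEmpty()) {
            // Opt-in override. setEnabledProtocols throws IllegalArgumentException
            // for a name the JVM does not support, so a typo fails loudly.
            socket.setEnabledProtocols(configured.trim().split("[\\s,]+"));
        }
        // Deliberately no "else": the socket keeps what its factory (JDK default
        // or custom) enabled. Cipher suites are not widened to
        // getSupportedCipherSuites() here either.
    }

    /** Entries the JVM supports but does not enable by default. */
    static Set<String> notEnabledByDefault(String[] supported, String[] enabled) {
        Set<String> extra = new LinkedHashSet<>(Arrays.asList(supported));
        extra.removeAll(Arrays.asList(enabled));
        return extra;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();

        // What "enable everything supported" would add on top of the JDK defaults.
        System.out.println("Default protocols: " + Arrays.toString(defaults.getProtocols()));
        System.out.println("Extra protocols if all supported were enabled: "
                + notEnabledByDefault(supported.getProtocols(), defaults.getProtocols()));
        System.out.println("Extra cipher suites if all supported were enabled: "
                + notEnabledByDefault(supported.getCipherSuites(), defaults.getCipherSuites()).size());

        // Case 1: nothing configured, so the JDK defaults stay untouched.
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            applyProtocols(s, new Properties());
            System.out.println("No property set: " + Arrays.toString(s.getEnabledProtocols()));
        }

        // Case 2: the operator pins a protocol explicitly (constructed sample value).
        Properties pinned = new Properties();
        pinned.setProperty(PROTOCOLS_PROPERTY, "TLSv1.2");
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            applyProtocols(s, pinned);
            System.out.println("Property = TLSv1.2: " + Arrays.toString(s.getEnabledProtocols()));
        }
    }
}
```

The sockets are created unconnected, so the program runs offline; the printed lists depend on the JDK version and its security properties.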


[jira] [Updated] (GERONIMO-6792) Fix hard-coded TLSv1 version in MailConnection.java for Java Mail 1.6

2020-12-03 Thread Richard Zowalla (Jira)


 [ 
https://issues.apache.org/jira/browse/GERONIMO-6792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Richard Zowalla updated GERONIMO-6792:
--
Attachment: GERONIMO-6792-v4-no-hardcoding.diff

> Fix hard-coded TLSv1 version in MailConnection.java for Java Mail 1.6
> -
>
> Key: GERONIMO-6792
> URL: https://issues.apache.org/jira/browse/GERONIMO-6792
> Project: Geronimo
>  Issue Type: Bug
>  Security Level: public(Regular issues) 
>  Components: mail
>Reporter: Richard Zowalla
>Priority: Major
> Attachments: GERONIMO-6792-v4-no-hardcoding.diff, 
> GERONIMO-6792-v4.diff
>
>
> Hi,
> I encountered some issues when using Geronimo Java Mail 1.6 (1.0.0) bundled 
> with TomEE 8.0.5. The related thread [1] can be found on the 
> [us...@tomee.apache.org|mailto:us...@tomee.apache.org] Mailing-List.
> In short: 
>  * Our mail server does only support TLS 1.2 or TLS 1.3
>  * Geronimo Java Mail 1.6 in version 1.0.0 has TLS 1.0 hard-coded in the 
> source and does not use the default protocols or the specified ones via 
> *mail.smtp.ssl.protocols* for a TLS connection.
> I have attached a patch created via SVN DIFF. 
> [1] [https://www.mail-archive.com/users@tomee.apache.org/msg17544.html]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


Re: Re: Geronimo Java Mail 1.6 in TomEE 8.0.5 -> TLS 1.2 / 1.3 Support?

2020-12-03 Thread Zowalla, Richard
Hi Bernd,

@1: I think the original intention of the code (before the PR) was to
disallow the use of sslv2 or sslv3 for the tls handling code, thus the
hard-coding to tlsv1, as ssl is handled in another part of the class.
But I agree that we could remove the "else" and consequently all kinds
of hard-coded TLS config. In this way, we would trust in the jdk
defaults.

@2: I think that the aspect related to cyphers would be a separate
issue / PR. I agree that enabling all available cyphers (L602/L603) is
not a good idea in general, but this code hasn't changed in the
proposed PR :)


wdyt?

Best
Richard

On Thursday, 03.12.2020, 12:11 +, Bernd Eckenfels wrote:
> Hello,
>
> Allowing protocols to be configured is good, but I am not sure why
> you fall back to a hand-selected list if no configuration is given;
> why not simply use the JDK defaults? They are frequently adjusted
> (just recently the older TLS versions got removed).
>
> Along this line, why enable all supported ciphers? There is a good
> reason why the JDK disables many. I would stick to the default
> ciphers (and protocols).
>
> Regards
> Bernd
> --
> http://bernd.eckenfels.net
>
> From: Zowalla, Richard 
> Sent: Wednesday, December 2, 2020 4:57 PM
> To: dev@geronimo.apache.org
> Subject: Re: Re: Geronimo Java Mail 1.6 in TomEE 8.0.5 -> TLS 1.2 /
> 1.3 Support?
>
> Should be fixed now.
>
> On Wednesday, 02.12.2020, 15:32 +, Zowalla, Richard wrote:
> > It is indeed
> > 
> > mail..ssl.socketFactory.class
> > 
> > (see line 88, MailConnection#MAIL_SSL_FACTORY_CLASS -> uses
> > reflection to create an instance of the specified factory.
> > 
> > or
> > 
> > mail..ssl.socketFactory
> > 
> > (which requires adding a pre-configured and instantiated factory
> > instance into the properties of the mail session)
> > 
> > To be complete, I will add this way to the README as well.
> > 
> > On Wednesday, 02.12.2020, 16:24 +0100, Romain Manni-Bucau wrote:
> > > Isn't the property mail..ssl.socketFactory ?
> > >
> > > Romain Manni-Bucau
> > > @rmannibucau
> > >
> > >
> > > On Wed, Dec 2, 2020 at 16:09, Zowalla, Richard <
> > > richard.zowa...@hs-heilbronn.de> wrote:
> > > > Okay. Thanks for the feedback - today, I learned a lot about the
> > > > insides of Javamail :)
> > > >
> > > > I have updated my PR:
> > > >
> > > > - Updated README.txt to contain some documentation about setting
> > > > a custom ssl socket factory
> > > > - Dropped TLSv1 in the fallback protocols (if no custom set
> > > > properties are present)
> > > >
> > > > Thanks,
> > > > Richard
> > > >
> > > >
> > > > On Wednesday, 02.12.2020, 15:29 +0100, Romain Manni-Bucau wrote:
> > > > > Guess you can just create a readme in the geronimo-javamail root
> > > > > project, will be sufficient as a first step.
> > > > > About the default, I wonder if dropping tlsv1 can't be good since
> > > > > it will be dropped soon?
> > > > > Otherwise just adding the missing "o" in protocols I'm fine with
> > > > > your proposal.
> > > > >
> > > > > We need to refine if we do a javamail subsite or a generic spec
> > > > > subsite still :s.
> > > > >
> > > > > Romain Manni-Bucau
> > > > > @rmannibucau
> > > > >
> > > > >
> > > > > On Wed, Dec 2, 2020 at 15:26, Zowalla, Richard <
> > > > > richard.zowa...@hs-heilbronn.de> wrote:
> > > > > > I updated the diff (cf. v2) to (hopefully) address the concerns
> > > > > > raised (if I understood them correctly).
> > > > > >
> > > > > > If you point me to a location where I can add a README /
> > > > > > documentation, I would be happy to file another JIRA with a
> > > > > > related PR to document the usage of the custom ssl socket factory.
> > > > > >
> > > > > > On Wednesday, 02.12.2020, 13:58 +, Zowalla, Richard wrote:
> > > > > > > Thanks for your thoughts - I think, I get the idea.
> > > > > > >
> > > > > > > Maybe:
> > > > > > >
> > > > > > > - Using "mail.smtp.ssl.protocls" to allow easier configuration
> > > > > > > (as proposed in the PR) for
> > > > > > > MailConnection#getConnectedTLSSocket() - would address 1.
> > > > > > >
> > > > > > > - To address 3. and pre-claim: PR would enable all protocols;
> > > > > > > maybe address this concern by adding a default fallback
> > > > > > > pointing to TLSv1, TLSv1.1, TLSv1.2 and TLS v1.3 (if supported)
> > > > > > > if no custom configuration via "mail.smtp.ssl.protocls" is
> > > > > > > present?
> > > > > > >
> > > > > > > - Documentation is always appreciated ;)
> > > > > > >
> > > > > > > Wdyt?
> > > > > > >
> > > > > > > On Wednesday, 02.12.2020, 14:41 +0100, Romain Manni-Bucau wrote:
> > > > > > > > Yes but issue that we don't want to enable 

Re: Re: Geronimo Java Mail 1.6 in TomEE 8.0.5 -> TLS 1.2 / 1.3 Support?

2020-12-03 Thread Bernd Eckenfels
Hello,

Allowing protocols to be configured is good, but I am not sure why you fall 
back to a hand-selected list if no configuration is given; why not simply use 
the JDK defaults? They are frequently adjusted (just recently the older TLS 
versions got removed).

Along this line, why enable all supported ciphers? There is a good reason why 
the JDK disables many. I would stick to the default ciphers (and protocols).

Regards
Bernd
--
http://bernd.eckenfels.net


From: Zowalla, Richard 
Sent: Wednesday, December 2, 2020 4:57 PM
To: dev@geronimo.apache.org
Subject: Re: Re: Geronimo Java Mail 1.6 in TomEE 8.0.5 -> TLS 1.2 / 1.3 Support?

Should be fixed now.

On Wednesday, 02.12.2020, 15:32 +, Zowalla, Richard wrote:
> It is indeed
>
> mail..ssl.socketFactory.class
>
> (see line 88, MailConnection#MAIL_SSL_FACTORY_CLASS -> uses
> reflection to create an instance of the specified factory.
>
> or
>
> mail..ssl.socketFactory
>
> (which requires adding a pre-configured and instantiated factory
> instance into the properties of the mail session)
>
> To be complete, I will add this way to the README as well.
>
> On Wednesday, 02.12.2020, 16:24 +0100, Romain Manni-Bucau wrote:
> > Isn't the property mail..ssl.socketFactory ?
> >
> > Romain Manni-Bucau
> > @rmannibucau
> >
> >
> > On Wed, Dec 2, 2020 at 16:09, Zowalla, Richard <
> > richard.zowa...@hs-heilbronn.de> wrote:
> > > Okay. Thanks for the feedback - today, I learned a lot about the
> > > insides of Javamail :)
> > >
> > > I have updated my PR:
> > >
> > > - Updated README.txt to contain some documentation about setting
> > > a custom ssl socket factory
> > > - Dropped TLSv1 in the fallback protocols (if no custom set
> > > properties are present)
> > >
> > > Thanks,
> > > Richard
> > >
> > >
> > > On Wednesday, 02.12.2020, 15:29 +0100, Romain Manni-Bucau wrote:
> > > > Guess you can just create a readme in the geronimo-javamail root
> > > > project, will be sufficient as a first step.
> > > > About the default, I wonder if dropping tlsv1 can't be good since
> > > > it will be dropped soon?
> > > > Otherwise just adding the missing "o" in protocols I'm fine with
> > > > your proposal.
> > > >
> > > > We need to refine if we do a javamail subsite or a generic spec
> > > > subsite still :s.
> > > >
> > > > Romain Manni-Bucau
> > > > @rmannibucau
> > > >
> > > >
> > > > On Wed, Dec 2, 2020 at 15:26, Zowalla, Richard <
> > > > richard.zowa...@hs-heilbronn.de> wrote:
> > > > > I updated the diff (cf. v2) to (hopefully) address the concerns
> > > > > raised (if I understood them correctly).
> > > > >
> > > > > If you point me to a location where I can add a README /
> > > > > documentation, I would be happy to file another JIRA with a
> > > > > related PR to document the usage of the custom ssl socket factory.
> > > > >
> > > > > On Wednesday, 02.12.2020, 13:58 +, Zowalla, Richard wrote:
> > > > > > Thanks for your thoughts - I think, I get the idea.
> > > > > >
> > > > > > Maybe:
> > > > > >
> > > > > > - Using "mail.smtp.ssl.protocls" to allow easier configuration
> > > > > > (as proposed in the PR) for
> > > > > > MailConnection#getConnectedTLSSocket() - would address 1.
> > > > > >
> > > > > > - To address 3. and pre-claim: PR would enable all protocols;
> > > > > > maybe address this concern by adding a default fallback
> > > > > > pointing to TLSv1, TLSv1.1, TLSv1.2 and TLS v1.3 (if supported)
> > > > > > if no custom configuration via "mail.smtp.ssl.protocls" is
> > > > > > present?
> > > > > >
> > > > > > - Documentation is always appreciated ;)
> > > > > >
> > > > > > Wdyt?
> > > > > >
> > > > > > On Wednesday, 02.12.2020, 14:41 +0100, Romain Manni-Bucau wrote:
> > > > > > > Yes but issue that we don't want to enable them all too.
> > > > > > > So to be concrete what about:
> > > > > > >
> > > > > > > 1. Enable a smoother configuration (to avoid a custom class)
> > > > > > > 2. Document the custom class case better (at least in a readme)
> > > > > > > 3. Change a bit default to inherit JVM ones
> > > > > > >
> > > > > > > Think we should make the 3 to consider this case treated (does
> > > > > > > not mean it must be in the same PR but more before next release).
> > > > > > > Wdyt?
> > > > > > >
> > > > > > > Romain Manni-Bucau
> > > > > > > @rmannibucau
> > > > > > >
> > > > > > >
> > > > > > > On Wed, Dec 2, 2020 at 13:20, Zowalla, Richard <
> > > > > > > richard.zowa...@hs-heilbronn.de> wrote:
> > > > > > > > Ah sorry - I misunderstood your comment.
> > > > > > > >
> > > > > > > > A custom socket factory would indeed fix the problem,
> > > but it
> > >