[JIRA] (JENKINS-26580) For JNLP slaves the master-slave communication should be encrypted
Title: Message Title Aaron Curley commented on JENKINS-26580 Re: For JNLP slaves the master-slave communication should be encrypted Great! Good to know. Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-26580) For JNLP slaves the master-slave communication should be encrypted
Title: Message Title Oleg Nenashev commented on JENKINS-26580 Re: For JNLP slaves the master-slave communication should be encrypted Aaron Curley Remoting 3 is going to include JNLP4 based on TLS. It's already integrated, but we have not released it yet Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-26580) For JNLP slaves the master-slave communication should be encrypted
Title: Message Title Aaron Curley commented on JENKINS-26580 Re: For JNLP slaves the master-slave communication should be encrypted Hi all, Correct me if I'm mistaken (since I've only taken a cursory look at the JNLP3 implementation, and that look was a few months ago) but aren't we currently using a custom-built "secure" transport protocol? (i.e. we built our own protocol using cryptographic primitives?) If so, this seems like an incorrect approach. It is generally recognized in our industry that "rolling your own cryptographic protocol" is a clear path to subtle cryptographic vulnerabilities. Isn't this something that we could just use TLS for? Provided we use strong settings (TLSv1.2, good ciphers, etc) wouldn't that give us a much better guarantee of security (than something custom-built)? Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-26580) For JNLP slaves the master-slave communication should be encrypted
Title: Message Title Oliver Gondža updated an issue Jenkins / JENKINS-26580 For JNLP slaves the master-slave communication should be encrypted Change By: Oliver Gondža Labels: 1.651.1-rejected jnlp lts-candidate remoting security Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-26580) For JNLP slaves the master-slave communication should be encrypted
Title: Message Title Oleg Nenashev commented on JENKINS-26580 Re: For JNLP slaves the master-slave communication should be encrypted The change has been reverted from 1.651.1: https://github.com/jenkinsci/jenkins/commit/343e65f28d15dc8c025a4aa98cd3c0169ebd224f I suspect JNLP3 has been never enabled by default in 1.651.x Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.