[GitHub] maskit commented on issue #1225: Enable specification of TLS Protocol Versions and Cipher Suites

[GitBox]

maskit commented on issue #1225: Enable specification of TLS Protocol Versions 
and Cipher Suites
URL: https://github.com/apache/incubator-pulsar/pull/1225#issuecomment-365254767
 
 
   @jai1 You may want to read these. If I understand correctly, HTTP 
entrypoints, which use `SecurityUtility::createSslContext`, may accept any 
protocol versions, even if we change the string to "TLS1.2".
   
   
https://docs.oracle.com/javase/9/docs/api/javax/net/ssl/SSLContext.html#getInstance-java.lang.String-
   
https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#sslcontext-algorithms
   
https://stackoverflow.com/questions/43481010/how-to-enable-only-tlsv1-2-on-java-8-server-application?noredirect=1=1
   
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

[GitHub] maskit commented on issue #1225: Enable specification of TLS Protocol Versions and Cipher Suites

[GitBox]

maskit commented on issue #1225: Enable specification of TLS Protocol Versions 
and Cipher Suites
URL: https://github.com/apache/incubator-pulsar/pull/1225#issuecomment-365100577
 
 
   Huge +1. I?ve been worried about this.
   
   IIRC, we pass a string literal ?SSL? as an argument somewhere else, and 
probably we can pass ?TLS1.2? instead. Maybe we should fix it too.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services