[jira] [Commented] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites

2018-08-01 Thread Mikhail Cherkasov (JIRA)


[ 
https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16565318#comment-16565318
 ] 

Mikhail Cherkasov commented on IGNITE-6167:
---

[~vozerov] could you please review my changes?

> Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled 
> TLS protocols and cipher suites
>
> Key: IGNITE-6167
> URL: https://issues.apache.org/jira/browse/IGNITE-6167
> Project: Ignite
> Issue Type: Wish
> Components: security
> Affects Versions: 2.1
> Reporter: Jens Borgland
> Assignee: Mikhail Cherkasov
> Priority: Major
>
> It would be very useful to be able to, in addition to the 
> {{javax.net.ssl.SSLContext}}, either specify a custom 
> {{javax.net.ssl.SSLServerSocketFactory}} and a custom 
> {{javax.net.ssl.SSLSocketFactory}}, or to be able to at least specify the 
> enabled TLS protocols and cipher suites.
> I have noticed that the 
> {{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}} has support for 
> the latter but I cannot find a way of getting a reference to the filter 
> instance. The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as 
> far as I can tell.
> Currently (as far as I can tell) there is no way of specifying the enabled 
> cipher suites and protocols used by Ignite, without doing it globally for the 
> JRE.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites

2017-08-24 Thread Jens Borgland (JIRA)

[ 
https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16140537#comment-16140537
 ] 

Jens Borgland commented on IGNITE-6167:
---

Thank you [~ilyak]! I did at some point explore this option but I didn't think 
of delegating to the SSLContext from my SSLContextSpi implementation (and I 
couldn't find a way of getting hold of an SSLContextSpi instance). I've now done 
just the thing you suggested and through that also worked around IGNITE-6168.



[jira] [Commented] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites

2017-08-24 Thread Ilya Kasnacheev (JIRA)

[ 
https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16139794#comment-16139794
 ] 

Ilya Kasnacheev commented on IGNITE-6167:
-

[~jens.borgland] You can subclass SSLContext and call the protected 
SSLContext(SSLContextSpi contextSpi, Provider provider, String protocol) 
constructor with a crafted contextSpi which will return, from 
engineGetServerSocketFactory(), a factory with the specified TLS protocols and 
cipher suites. Maybe there's some caveat but I don't immediately see it. That 
sure as day requires some dedicated effort.

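The approach described in the comment above (subclass SSLContext through its protected constructor, with an SSLContextSpi that delegates to a real context), as an added example that is not code from the thread or from Ignite. `RestrictedSslContext` and its parameters are hypothetical names; the example covers the server socket factory and SSLEngine paths and assumes the delegate is initialized directly or through the wrapper.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.KeyManagementException;
import java.security.SecureRandom;
import javax.net.ssl.*;

// Added example (hypothetical class): server sockets and engines enable only the given protocols/suites.
public final class RestrictedSslContext extends SSLContext {
    public RestrictedSslContext(SSLContext delegate, String[] protocols, String[] suites) {
        super(new Spi(delegate, protocols, suites), delegate.getProvider(), delegate.getProtocol());
    }
    private static final class Spi extends SSLContextSpi {
        private final SSLContext ctx;
        private final String[] protocols, suites;
        Spi(SSLContext ctx, String[] protocols, String[] suites) {
            this.ctx = ctx; this.protocols = protocols.clone(); this.suites = suites.clone();
        }
        // setEnabled* throw IllegalArgumentException on unsupported names, so a typo fails closed.
        private SSLEngine restrict(SSLEngine e) {
            e.setEnabledProtocols(protocols); e.setEnabledCipherSuites(suites); return e;
        }
        private ServerSocket restrict(ServerSocket s) {
            SSLServerSocket ss = (SSLServerSocket) s;
            ss.setEnabledProtocols(protocols); ss.setEnabledCipherSuites(suites); return ss;
        }
        @Override protected void engineInit(KeyManager[] km, TrustManager[] tm, SecureRandom sr)
                throws KeyManagementException { ctx.init(km, tm, sr); }
        @Override protected SSLEngine engineCreateSSLEngine() { return restrict(ctx.createSSLEngine()); }
        @Override protected SSLEngine engineCreateSSLEngine(String host, int port) {
            return restrict(ctx.createSSLEngine(host, port));
        }
        @Override protected SSLSessionContext engineGetServerSessionContext() { return ctx.getServerSessionContext(); }
        @Override protected SSLSessionContext engineGetClientSessionContext() { return ctx.getClientSessionContext(); }
        // Client factory is passed through unchanged; it needs the same wrapping to be restricted.
        @Override protected SSLSocketFactory engineGetSocketFactory() { return ctx.getSocketFactory(); }
        @Override protected SSLServerSocketFactory engineGetServerSocketFactory() {
            final SSLServerSocketFactory f = ctx.getServerSocketFactory();
            return new SSLServerSocketFactory() {
                @Override public String[] getDefaultCipherSuites() { return suites.clone(); }
                @Override public String[] getSupportedCipherSuites() { return f.getSupportedCipherSuites(); }
                @Override public ServerSocket createServerSocket() throws IOException { return restrict(f.createServerSocket()); }
                @Override public ServerSocket createServerSocket(int p) throws IOException { return restrict(f.createServerSocket(p)); }
                @Override public ServerSocket createServerSocket(int p, int b) throws IOException { return restrict(f.createServerSocket(p, b)); }
                @Override public ServerSocket createServerSocket(int p, int b, InetAddress a) throws IOException { return restrict(f.createServerSocket(p, b, a)); }
            };
        }
    }
}
```

Code that receives a socket or engine from this context can still call `setEnabledProtocols` or `setEnabledCipherSuites` afterwards, so the restriction holds only as long as the consumer does not override it.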


[jira] [Commented] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites

2017-08-23 Thread Jens Borgland (JIRA)

[ 
https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138274#comment-16138274
 ] 

Jens Borgland commented on IGNITE-6167:
---

[~ilyak], perhaps it's me who's missing something obvious but I cannot really 
find a reasonable way of subclassing SSLContext - and getSocketFactory() and 
getServerSocketFactory() are both final. I have however created my own 
SslContextFactory (in order to set up revocation checking the way I need) and 
that part works fine.



[jira] [Commented] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites

2017-08-23 Thread Ilya Kasnacheev (JIRA)

[ 
https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138259#comment-16138259
 ] 

Ilya Kasnacheev commented on IGNITE-6167:
-

[~jens.borgland] You can create your own subclass of SslContextFactory, 
overriding create(), which will return your own SSLContext, overriding 
getSocketFactory() and getServerSocketFactory() and returning custom socket 
factories. Anything obvious I am missing? Seems doable. Of course the usability 
of that solution is suboptimal.
