cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George Cristea (Created) (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CASSANDRA-3278) SSLFactory should not enable cipher suites that aren't supported
Date Thu, 29 Sep 2011 18:21:45 GMT
SSLFactory should not enable cipher suites that aren't supported
----------------------------------------------------------------

                 Key: CASSANDRA-3278
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-3278
             Project: Cassandra
          Issue Type: Bug
          Components: Core
    Affects Versions: 0.8.6, 0.8.5, 0.8.4, 1.0.0
         Environment: OpenJDK on debian squeeze
            Reporter: George Cristea
            Priority: Minor


The socket creation (server or otherwise) in SSLFactory.java calls [setEnabledCipherSuites|http://download.oracle.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setEnabledCipherSuites(java.lang.String\[\])]
with the values specified in EncryptionOptions.java:

{code}
public String[] cipherSuites = {
    "TLS_RSA_WITH_AES_128_CBC_SHA", 
    "TLS_RSA_WITH_AES_256_CBC_SHA"
};
{code}

The call to [setEnabledCipherSuites|http://download.oracle.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setEnabledCipherSuites(java.lang.String\[\])]
fails on systems that don't have [Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction
Policy Files 6|http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html]
because AES256 is not supported.

To avoid installing the unlimited strength policy file the code in SSLFactory.java should
call [getSupportedCipherSuites|http://download.oracle.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#getSupportedCipherSuites()]
to find out which of the suites specified are supported.

Thanks,
George

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message