Date: Thu, 29 Sep 2011 18:21:45 +0000 (UTC)
From: "George Cristea (Created) (JIRA)"
To: commits@cassandra.apache.org
Reply-To: dev@cassandra.apache.org
Message-ID: <149775851.8491.1317320505735.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Created] (CASSANDRA-3278) SSLFactory should not enable cipher suites that aren't supported

SSLFactory should not enable cipher suites that aren't supported
----------------------------------------------------------------

                 Key: CASSANDRA-3278
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-3278
             Project: Cassandra
          Issue Type: Bug
          Components: Core
    Affects Versions: 0.8.6, 0.8.5, 0.8.4, 1.0.0
         Environment: OpenJDK on debian squeeze
            Reporter: George Cristea
            Priority: Minor

The socket creation (server or otherwise) in SSLFactory.java calls [setEnabledCipherSuites|http://download.oracle.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setEnabledCipherSuites(java.lang.String\[\])] with the values specified in EncryptionOptions.java:

{code}
public String[] cipherSuites = {
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA"
};
{code}

The call to [setEnabledCipherSuites|http://download.oracle.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setEnabledCipherSuites(java.lang.String\[\])] fails on systems that don't have [Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6|http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html] because AES256 is not supported.

To avoid installing the unlimited strength policy file, the code in SSLFactory.java should call [getSupportedCipherSuites|http://download.oracle.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#getSupportedCipherSuites()] to find out which of the suites specified are supported.

Thanks,
George
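
One way to implement the check proposed in the report, as an added example (not Cassandra's SSLFactory code and not the fix that was committed): intersect the configured list with what the JVM reports as supported before calling setEnabledCipherSuites, and fail closed if nothing remains. The class name CipherSuiteFilter and the method filterSupported are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class CipherSuiteFilter { // hypothetical name, not a Cassandra class
    // Default list quoted in the report from EncryptionOptions.java.
    static final String[] CONFIGURED = {
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA"
    };

    // Keeps the configured suites, in configured order, that the JVM supports.
    static String[] filterSupported(String[] configured, String[] supported) {
        Set<String> available = new HashSet<String>(Arrays.asList(supported));
        List<String> usable = new ArrayList<String>();
        for (String suite : configured) {
            if (available.contains(suite)) {
                usable.add(suite);
            } else {
                // Make the narrowing visible to operators instead of silent.
                System.err.println("Dropping unsupported cipher suite: " + suite);
            }
        }
        if (usable.isEmpty()) {
            // Fail closed: never fall back to the JVM's default suite list.
            throw new IllegalStateException("No configured cipher suite is supported by this JVM");
        }
        return usable.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // no key material: enough to query and set suites
        // Unbound socket: nothing listens on the network in this demo.
        try (SSLServerSocket socket =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket()) {
            String[] usable = filterSupported(CONFIGURED, socket.getSupportedCipherSuites());
            socket.setEnabledCipherSuites(usable); // no IllegalArgumentException now
            System.out.println("Enabled: " + Arrays.toString(socket.getEnabledCipherSuites()));
        }
    }
}
```

On a JVM that supports neither configured suite, filterSupported throws instead of enabling a different list. The stderr line for each dropped suite is what tells an operator that a node is running with a narrower set than configured.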