cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefania (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-11164) Order and filter cipher suites correctly
Date Tue, 23 Feb 2016 02:42:18 GMT


Stefania commented on CASSANDRA-11164:

[] can you confirm that the only patch to review is the one you've attached,
_11164-on-10508-2.2.patch_? If so what is the correct patch for CASSANDRA-10508? I tried both
the text file attached or the github [link|]
and I got compilation errors ({{filterCipherSuites(String[],String[]) is not public in SSLFactory;}}).

I know it's part of the patch of CASSANDRA-10508 but I couldn't help noticing that {{filterCipherSuites}}
could be much simpler and avoid redundancy and copies. Something like this: 

    public static String[] filterCipherSuites(String[] supported, String[] desired)
        if (Arrays.equals(supported, desired))
            return desired;

        String[] ret = Iterables.toArray(Iterables.filter(Arrays.asList(desired),,

        if (logger.isWarnEnabled() && desired.length > ret.length)
            Iterable<String> missing = Iterables.filter(Arrays.asList(desired), Predicates.not(;
            logger.warn("Filtering out {} as it isn't supported by the socket", Iterables.toString(missing));
        return ret;

I haven't tested it but I believe it should keep the order and avoid unnecessary copies other
than for creating sets, which is debatable - here too we could just use an {{ArrayList}} in
the predicate if we have less than 20 items or so.

As for this specific patch, it looks good except for a trailing space in {{}}.

Once we clarify the correct patches to apply I will organize a cassci run.

We should also update the title of this ticket to reflect its new scope.

> Order and filter cipher suites correctly
> ----------------------------------------
>                 Key: CASSANDRA-11164
>                 URL:
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Tom Petracca
>            Assignee: Stefan Podkowinski
>            Priority: Minor
>             Fix For: 2.2.x
>         Attachments: 11164-2.2.txt, 11164-on-10508-2.2.patch
> As pointed out in, SSLFactory.filterCipherSuites()
doesn't respect the ordering of desired ciphers in cassandra.yaml.
> Also the fix that occurred for is
incomplete and needs to be applied to all locations where we create an SSLSocket so that JCE
is not required out of the box or with additional configuration.

This message was sent by Atlassian JIRA

View raw message