cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefania (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-11164) Order and filter cipher suites correctly
Date Tue, 23 Feb 2016 02:42:18 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-11164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15158177#comment-15158177
] 

Stefania commented on CASSANDRA-11164:
--------------------------------------

[~spodxx@gmail.com] can you confirm that the only patch to review is the one you've attached,
_11164-on-10508-2.2.patch_? If so what is the correct patch for CASSANDRA-10508? I tried both
the text file attached or the github [link|https://github.com/spodkowinski/cassandra/tree/WIP-10508-2.2]
and I got compilation errors ({{filterCipherSuites(String[],String[]) is not public in SSLFactory;}}).


I know it's part of the patch of CASSANDRA-10508 but I couldn't help noticing that {{filterCipherSuites}}
could be much simpler and avoid redundancy and copies. Something like this: 

{code}
    public static String[] filterCipherSuites(String[] supported, String[] desired)
    {
        if (Arrays.equals(supported, desired))
            return desired;

        String[] ret = Iterables.toArray(Iterables.filter(Arrays.asList(desired), Predicates.in(Sets.newHashSet(supported))),
                                         String.class);

        if (logger.isWarnEnabled() && desired.length > ret.length)
        {
            Iterable<String> missing = Iterables.filter(Arrays.asList(desired), Predicates.not(Predicates.in(Sets.newHashSet(ret))));
            logger.warn("Filtering out {} as it isn't supported by the socket", Iterables.toString(missing));
        }
        return ret;
    }
{code}

I haven't tested it but I believe it should keep the order and avoid unnecessary copies other
than for creating sets, which is debatable - here too we could just use an {{ArrayList}} in
the predicate if we have less than 20 items or so.

As for this specific patch, it looks good except for a trailing space in {{CustomTThreadPoolServer.java}}.

Once we clarify the correct patches to apply I will organize a cassci run.

We should also update the title of this ticket to reflect its new scope.


> Order and filter cipher suites correctly
> ----------------------------------------
>
>                 Key: CASSANDRA-11164
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11164
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Tom Petracca
>            Assignee: Stefan Podkowinski
>            Priority: Minor
>             Fix For: 2.2.x
>
>         Attachments: 11164-2.2.txt, 11164-on-10508-2.2.patch
>
>
> As pointed out in https://issues.apache.org/jira/browse/CASSANDRA-10508, SSLFactory.filterCipherSuites()
doesn't respect the ordering of desired ciphers in cassandra.yaml.
> Also the fix that occurred for https://issues.apache.org/jira/browse/CASSANDRA-3278 is
incomplete and needs to be applied to all locations where we create an SSLSocket so that JCE
is not required out of the box or with additional configuration.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message