cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom Petracca (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-11164) Order and filter cipher suites correctly
Date Fri, 12 Feb 2016 17:59:18 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-11164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15144958#comment-15144958
] 

Tom Petracca commented on CASSANDRA-11164:
------------------------------------------

You need the filtering to ensure that you don't attempt to use an unsupported cipher suite.
 We attempt to use (by default) TLS_RSA_WITH_AES_256_CBC_SHA, which fails on systems that
don't have the JCE Unlimited Strength Jurisdiction Policy.  However I don't want to remove
the unsupported suites from the default because most people who have JCE will actually want
to use the stronger ones (and I generally like the idea of it having that functionality by
default).

> Order and filter cipher suites correctly
> ----------------------------------------
>
>                 Key: CASSANDRA-11164
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11164
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Tom Petracca
>            Priority: Minor
>             Fix For: 2.2.x
>
>         Attachments: 11164-2.2.txt
>
>
> As pointed out in https://issues.apache.org/jira/browse/CASSANDRA-10508, SSLFactory.filterCipherSuites()
doesn't respect the ordering of desired ciphers in cassandra.yaml.
> Also the fix that occurred for https://issues.apache.org/jira/browse/CASSANDRA-3278 is
incomplete and needs to be applied to all locations where we create an SSLSocket so that JCE
is not required out of the box or with additional configuration.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message