cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom Petracca (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-11164) Order and filter cipher suites correctly
Date Fri, 12 Feb 2016 17:59:18 GMT


Tom Petracca commented on CASSANDRA-11164:

You need the filtering to ensure that you don't attempt to use an unsupported cipher suite.
 We attempt to use (by default) TLS_RSA_WITH_AES_256_CBC_SHA, which fails on systems that
don't have the JCE Unlimited Strength Jurisdiction Policy.  However I don't want to remove
the unsupported suites from the default because most people who have JCE will actually want
to use the stronger ones (and I generally like the idea of it having that functionality by

> Order and filter cipher suites correctly
> ----------------------------------------
>                 Key: CASSANDRA-11164
>                 URL:
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Tom Petracca
>            Priority: Minor
>             Fix For: 2.2.x
>         Attachments: 11164-2.2.txt
> As pointed out in, SSLFactory.filterCipherSuites()
doesn't respect the ordering of desired ciphers in cassandra.yaml.
> Also the fix that occurred for is
incomplete and needs to be applied to all locations where we create an SSLSocket so that JCE
is not required out of the box or with additional configuration.

This message was sent by Atlassian JIRA

View raw message