cloudstack-dev mailing list archives

From Demetrius Tsitrelis <dtsitre...@live.com>
Subject TLSv1 vs TLS vs SSL use throughout CS
Date Fri, 20 Dec 2013 20:56:33 GMT


I was looking at the SSL code in CloudStack and noticed that there are about a dozen calls to the SSLContext.getInstance() method. Some of them use the "SSL" protocol while others use "TLS" or "TLSv1". So I'm wondering if it makes sense to expose a configuration setting which specifies an organization's minimum secure protocol level and then use that in all of CloudStack. Is there a need to maintain distinct protocol configurations for each SSL/TLS connection? Here's the usage list today:

plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/XenServerConnectionPool.java:90: javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("TLS");

plugins/network-elements/nicira-nvp/src/com/cloud/network/nicira/NiciraNvpApi.java:555: SSLContext sc = SSLContext.getInstance("SSL");

plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java:42: SSLContext ctx = SSLContext.getInstance("TLS");

plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java:703: SSLContext sslContext = SSLContext.getInstance("SSL");

services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java:71: sslContext = SSLContext.getInstance("TLS");

services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java:94: sslContext = SSLContext.getInstance("TLS");

services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java:236: sslContext = SSLContext.getInstance("SSL", "SunJSSE");

services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapper.java:130: SSLContext sslContext = SSLContext.getInstance("TLSv1");

utils/src/com/cloud/utils/nio/Link.java:430: sslContext = SSLContext.getInstance("TLS");

utils/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java:114: SSLContext context = SSLContext.getInstance("SSL");

vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java:102: javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");

vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java:80: javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
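
Added example, not part of the original message and not CloudStack code: one way the single minimum-protocol setting proposed above could be enforced in Java. The class name MinProtocolPolicy and the value "TLSv1.2" are assumptions; the minimum is applied through SSLParameters.setProtocols() because the name passed to SSLContext.getInstance() selects a context implementation and does not by itself fix which protocol versions a connection will accept.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Hypothetical helper (not a CloudStack class): one minimum-protocol policy for every connection.
public final class MinProtocolPolicy {
    // Standard JSSE protocol names, weakest to strongest.
    private static final List<String> ORDER =
            Arrays.asList("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
    private final int floor;

    public MinProtocolPolicy(String minimum) {
        floor = ORDER.indexOf(minimum);
        if (floor < 0) throw new IllegalArgumentException("Unknown protocol: " + minimum);
    }

    // Keep only protocols at or above the minimum; SSLv2Hello and unknown names rank -1 and are dropped.
    public String[] filter(String[] supported) {
        List<String> kept = new ArrayList<>();
        for (String p : supported) {
            if (ORDER.indexOf(p) >= floor) kept.add(p);
        }
        if (kept.isEmpty()) throw new IllegalStateException("JRE supports nothing at or above the minimum");
        return kept.toArray(new String[0]);
    }

    // The getInstance() name does not pin the version; the enabled-protocol list on the engine does.
    public SSLEngine newEngine(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(filter(engine.getSupportedProtocols()));
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // "TLSv1.2" stands in for the value of the proposed setting (assumed).
        MinProtocolPolicy policy = new MinProtocolPolicy("TLSv1.2");
        for (String name : new String[] {"SSL", "TLS", "TLSv1"}) {
            SSLContext ctx = SSLContext.getInstance(name);
            ctx.init(null, null, null); // default key and trust managers
            System.out.println(name + " -> "
                    + Arrays.toString(policy.newEngine(ctx).getEnabledProtocols()));
        }
    }
}
```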

 		 	   		  