cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chiradeep Vittal <Chiradeep.Vit...@citrix.com>
Subject Re: TLSv1 vs TLS vs SSL use throughout CS
Date Mon, 23 Dec 2013 22:59:56 GMT
Why not set it to the highest secure protocol level always?

On 12/20/13 12:56 PM, "Demetrius Tsitrelis" <dtsitrelis@live.com> wrote:

>
>
>I was looking at the SSL code in CloudStack
>and noticed that there are about a dozen calls to the
>SSLContext.getInstance() method.  Some of them
>use the  "SSL" protocol while
>others use "TLS" or "TLSv1".   So I'm wondering if it makes sense to
>expose a configuration setting which specifies an organization's minimum
>secure protocol level and then use that in all of CloudStack.  Is there a
>need to maintain distinct protocol configurations for each SSL/TLS
>connection? Here's the
>usage list today:
>
> 
>plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/XenServerCon
>nectionPool.java:90:            javax.net.ssl.SSLContext sc =
>javax.net.ssl.SSLContext.getInstance("TLS");
>
>plugins/network-elements/nicira-nvp/src/com/cloud/network/nicira/NiciraNvp
>Api.java:555:                SSLContext sc =
>SSLContext.getInstance("SSL");
>
>plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientW
>rapper.java:42:            SSLContext ctx =
>SSLContext.getInstance("TLS");
>
>plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datasto
>re/util/SolidFireUtil.java:703:            SSLContext sslContext =
>SSLContext.getInstance("SSL");
>
> 
>services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecur
>eServerFactoryImpl.java:71:                sslContext =
>SSLContext.getInstance("TLS");
>
>services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecur
>eServerFactoryImpl.java:94:                sslContext =
>SSLContext.getInstance("TLS");
>
>services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
>:236:            sslContext =
>SSLContext.getInstance("SSL", "SunJSSE");
>
>services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapper
>.java:130:            SSLContext sslContext =
>SSLContext.getInstance("TLSv1");
>
> utils/src/com/cloud/utils/nio/Link.java:430:        sslContext =
>SSLContext.getInstance("TLS");
>
>utils/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketF
>actory.java:114:            SSLContext context =
>SSLContext.getInstance("SSL");
>
> vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java:102:
>      javax.net.ssl.SSLContext sc =
>javax.net.ssl.SSLContext.getInstance("SSL");
>
>vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java:80:
>         javax.net.ssl.SSLContext sc =
>javax.net.ssl.SSLContext.getInstance("SSL");
>
> 		 	   		  


Mime
View raw message