Message-ID: <17357068.1172095685540.JavaMail.jira@brutus>
Date: Wed, 21 Feb 2007 14:08:05 -0800 (PST)
From: "Bernt M. Johnsen (JIRA)"
To: derby-dev@db.apache.org
Subject: [jira] Commented: (DERBY-2363) Add initial handshake on connection setup to determine server's required ssl support level and avoid client side attribute settings.
In-Reply-To: <8300022.1172001965968.JavaMail.jira@brutus>

    [ https://issues.apache.org/jira/browse/DERBY-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12474850 ]

Bernt M. Johnsen commented on DERBY-2363:
-----------------------------------------

I like this idea. The client could also keep a hashtable of all host/portnumber pairs to keep track of which servers are plaintext and thus avoid the overhead of trying out SSL on servers that have already proven themselves to be plaintext.

DERBY-2356 proposes three modes for ssl: off, basic and peerAuthentication. If we add negotiable and use that as default for the client we will have all we need.

> Add initial handshake on connection setup to determine server's required ssl support level and avoid client side attribute settings.
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2363
>                 URL: https://issues.apache.org/jira/browse/DERBY-2363
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Client, Network Server, Security
>            Reporter: Daniel John Debrunner
>
> Based upon some of the discussion in DERBY-2108, it would be useful to have some initial handshake between the client and the server to indicate the required level of ssl support. This would avoid client applications having to set up ssl related JDBC attributes or DataSource properties.
> Thus one could change the server to be ssl enabled without having to change any applications.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
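
The client-side cache suggested in the comment above, sketched as an added example (not code from Derby or from this thread). The class, the method names and the probe stand-in for a real SSL handshake are hypothetical. The sketch assumes that an explicitly configured basic or peerAuthentication mode never consults the cache and never falls back to plaintext, so only a negotiable client can end up on an unencrypted connection.

```java
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;

public class NegotiableSslDemo {
    // Modes from DERBY-2356 plus the "negotiable" client default suggested in the comment.
    enum SslMode { OFF, BASIC, PEER_AUTHENTICATION, NEGOTIABLE }

    // host:port pairs that already answered as plaintext (hypothetical client-side cache).
    private final Set<String> knownPlaintext = ConcurrentHashMap.newKeySet();
    // Stand-in for a real SSL handshake attempt; true means the server accepted SSL.
    private final BiPredicate<String, Integer> sslProbe;
    int probeCount = 0;

    NegotiableSslDemo(BiPredicate<String, Integer> sslProbe) { this.sslProbe = sslProbe; }

    private boolean probe(String host, int port) {
        probeCount++;
        return sslProbe.test(host, port);
    }

    /** Returns true when the connection should use SSL, false for plaintext. */
    boolean useSsl(String host, int port, SslMode requested) {
        String key = host.toLowerCase(Locale.ROOT) + ":" + port;
        switch (requested) {
            case OFF:
                return false;
            case NEGOTIABLE:
                if (knownPlaintext.contains(key)) return false; // skip the SSL attempt
                if (probe(host, port)) return true;
                knownPlaintext.add(key);                        // remember for next time
                return false;
            default: // BASIC, PEER_AUTHENTICATION: assumption, no fallback and no cache
                if (!probe(host, port))
                    throw new IllegalStateException("SSL required, not offered by " + key);
                return true;
        }
    }

    public static void main(String[] args) {
        Set<String> sslServers = Set.of("secure.example:1527"); // constructed sample data
        NegotiableSslDemo client =
            new NegotiableSslDemo((h, p) -> sslServers.contains(h + ":" + p));
        System.out.println(client.useSsl("secure.example", 1527, SslMode.NEGOTIABLE));
        System.out.println(client.useSsl("plain.example", 1527, SslMode.NEGOTIABLE));
        System.out.println(client.useSsl("plain.example", 1527, SslMode.NEGOTIABLE)); // cached
        System.out.println("SSL attempts: " + client.probeCount);
        try { client.useSsl("plain.example", 1527, SslMode.BASIC); }
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```

In this sketch a single failed handshake pins a host/port pair to plaintext for the life of the cache, which is why the strict modes bypass it.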