geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anthony Baker <aba...@pivotal.io>
Subject Re: Proposal to support custom java.security.Provider
Date Thu, 09 Aug 2018 16:42:39 GMT
> 
> 
> I would like to also get consensus on defaulting GEODE's behavior to always
> use default SSL context instead of introducing a new parameter
> 'ssl-use-default-sslcontext'. If user's have specified any existing ssl-*
> props then the current implementation is exercised (ie to configure the
> context as per provided properties).
> 

If geode is always configured to use the default SSL context, how do we know to when to accept
SSL v non-SSL connections?

Anthony


> Sai
> 
> On Wed, Aug 1, 2018 at 3:02 PM Sai Boorlagadda <sai_boorlagadda@apache.org>
> wrote:
> 
>> All,
>> 
>> 
>> GEODE-5338[1], is a feature request to support CA & KEY rotation on the
>> client application. I am proposing a solution[2] to add a new SSL property (
>> *ssl-use-default-provider*) to let Geode use default security
>> provider[3] (either JDK provided provider or a custom provider) to load and
>> manage key and trust stores.
>> 
>> 
>> I have submitted a PR[4] with the proposed change and a distributed test
>> to showcase clients using a custom provider. Looking for feedback on the
>> proposal and the PR as well.
>> 
>> 
>> You can find details about the proposal on the wiki[3].
>> 
>> [1] https://issues.apache.org/jira/browse/GEODE-5338
>> [2]
>> https://cwiki.apache.org/confluence/display/GEODE/Proposal+for+supporting+custom+java.security.Provider
>> [3] https://docs.oracle.com/javase/8/docs/api/java/security/Provider.html
>> [4] https://github.com/apache/geode/pull/2244
>> 


Mime
View raw message