ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ilya Kasnacheev (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites
Date Thu, 24 Aug 2017 09:13:01 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16139794#comment-16139794
] 

Ilya Kasnacheev commented on IGNITE-6167:
-----------------------------------------

[~jens.borgland] You can subclass SSLContext and call protected SSLContext(SSLContextSpi contextSpi,
Provider provider, String protocol) constructor with crafted contextSpi which will return
engineGetServerSocketFactory() with specified TLS protocols and cipher suites. Maybe there's
some caveat but I don't immediately see it. That sure as day requires some dedicated effort.

> Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols
and cipher suites
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: IGNITE-6167
>                 URL: https://issues.apache.org/jira/browse/IGNITE-6167
>             Project: Ignite
>          Issue Type: Wish
>    Affects Versions: 2.1
>            Reporter: Jens Borgland
>
> It would be very useful to be able to, in addition to the {{javax.net.ssl.SSLContext}},
either specify a custom {{javax.net.ssl.SSLServerSocketFactory}} and a custom {{javax.net.ssl.SSLSocketFactory}},
or to be able to at least specify the enabled TLS protocols and cipher suites.
> I have noticed that the {{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}}
has support for the latter but I cannot find a way of getting a reference to the filter instance.
The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as far as I can tell.
> Currently (as far as I can tell) there is no way of specifying the enabled cipher suites
and protocols used by Ignite, without doing it globally for the JRE.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message