ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jens Borgland (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites
Date Thu, 24 Aug 2017 19:14:02 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16140537#comment-16140537
] 

Jens Borgland commented on IGNITE-6167:
---------------------------------------

Thank you [~ilyak]! I did at some point explore this option but I didn't think of delegating
to the SSLContext from my SSLContextSpi implementation (and I couldn't find a way of getting
hold of a SSLContextSpi instance). I've now done just the thing you suggested and through
that also worked around IGNITE-6168.

> Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols
and cipher suites
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: IGNITE-6167
>                 URL: https://issues.apache.org/jira/browse/IGNITE-6167
>             Project: Ignite
>          Issue Type: Wish
>    Affects Versions: 2.1
>            Reporter: Jens Borgland
>
> It would be very useful to be able to, in addition to the {{javax.net.ssl.SSLContext}},
either specify a custom {{javax.net.ssl.SSLServerSocketFactory}} and a custom {{javax.net.ssl.SSLSocketFactory}},
or to be able to at least specify the enabled TLS protocols and cipher suites.
> I have noticed that the {{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}}
has support for the latter but I cannot find a way of getting a reference to the filter instance.
The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as far as I can tell.
> Currently (as far as I can tell) there is no way of specifying the enabled cipher suites
and protocols used by Ignite, without doing it globally for the JRE.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message