qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PROTON-1565) dont throw if the anonymous ciphers are not supported
Date Thu, 31 Aug 2017 11:01:13 GMT

    [ https://issues.apache.org/jira/browse/PROTON-1565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16148829#comment-16148829
] 

ASF subversion and git services commented on PROTON-1565:
---------------------------------------------------------

Commit 8417d9a80990ccd40c89c66edc90b2b0a9fbdfd2 in qpid-proton-j's branch refs/heads/master
from [~gemmellr]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-proton-j.git;h=8417d9a ]

PROTON-1565: don't throw if the anonymous ciphers are not supported


> dont throw if the anonymous ciphers are not supported
> -----------------------------------------------------
>
>                 Key: PROTON-1565
>                 URL: https://issues.apache.org/jira/browse/PROTON-1565
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-j
>    Affects Versions: proton-j-0.20.0
>            Reporter: Robbie Gemmell
>            Assignee: Robbie Gemmell
>             Fix For: proton-j-0.21.0
>
>
> When the 'anonymous peer' ssl verify mode is used the transport ssl wrapper tries to
additionally enable the anonymous ciphers and throws if it fails to enable any of them. The
JVM has config to control which ciphers are supported, and if they aren't supported, they
obviously can't be enabled; some environments disable support for them by default, and others
may explicitly choose to. In that scenario the transport ssl layer fails to operate even where
an anonymous cipher wasn't ultimately going to be used (that exact scenario observed in a
test failure on Fedora26 with its packaged OpenJDK8).
> As this situation isn't really much different than other scenarios a client and server
might fail to agree on a cipher and fail, it doesn't seem that it need be special cased. Removing
the throw would allow scenarios which could succeed to continue on and do so, while those
that would fail doing so.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message