> I would like to also get consensus on defaulting GEODE's behavior to always
> use default SSL context instead of introducing a new parameter
> 'ssl-use-default-sslcontext'. If users have specified any existing ssl-*
> props then the current implementation is exercised (i.e. to configure the
> context as per provided properties).
>

If geode is always configured to use the default SSL context, how do we know when to accept SSL v non-SSL connections?

Anthony

> Sai
>
> On Wed, Aug 1, 2018 at 3:02 PM Sai Boorlagadda <sai_boorlaga...@apache.org>
> wrote:
>
>> All,
>>
>> GEODE-5338[1], is a feature request to support CA & KEY rotation on the
>> client application. I am proposing a solution[2] to add a new SSL property
>> (*ssl-use-default-provider*) to let Geode use default security
>> provider[3] (either JDK provided provider or a custom provider) to load and
>> manage key and trust stores.
>>
>> I have submitted a PR[4] with the proposed change and a distributed test
>> to showcase clients using a custom provider. Looking for feedback on the
>> proposal and the PR as well.
>>
>> You can find details about the proposal on the wiki[3].
>>
>> [1] https://issues.apache.org/jira/browse/GEODE-5338
>> [2] https://cwiki.apache.org/confluence/display/GEODE/Proposal+for+supporting+custom+java.security.Provider
>> [3] https://docs.oracle.com/javase/8/docs/api/java/security/Provider.html
>> [4] https://github.com/apache/geode/pull/2244
>>