let me see if my understanding is correct: if ssl-enabled-component is none, then we would accept non-ssl connections, no ssl context will be used. if ssl-enabled-component is something other than "none", but we don't specify any other ssl-* configurations, then we use the default ssl context provided by JDK, any customization to the JDK's ssl context (either by installing a custom provider or keystore/truststore installed in jdk's path) will be used this way. But we do specify any other ssl-* configurations, then we use our usual way of loading the ssl context.
On Thu, Aug 9, 2018 at 10:33 AM Anthony Baker <aba...@pivotal.io> wrote: > > > > On Aug 9, 2018, at 10:05 AM, Jacob Barrett <jbarr...@pivotal.io> wrote: > > > > > > > > On Aug 9, 2018, at 9:42 AM, Anthony Baker <aba...@pivotal.io> wrote: > > > >>> > >>> > >>> I would like to also get consensus on defaulting GEODE's behavior to > always > >>> use default SSL context instead of introducing a new parameter > >>> 'ssl-use-default-sslcontext'. If user's have specified any existing > ssl-* > >>> props then the current implementation is exercised (ie to configure the > >>> context as per provided properties). > >>> > >> > >> If geode is always configured to use the default SSL context, how do we > know to when to accept SSL v non-SSL connections? > >> > > > > The enable ssl properties. > > > > Sorry I’m missing something. If the only time we accept SSL connections > is when you enable geode ssl-* properties, what is the point of enabling > the default SSL context by default? > > Anthony > > -- Cheers Jinmei
