[
https://issues.apache.org/jira/browse/GEODE-8419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17209009#comment-17209009
]
ASF subversion and git services commented on GEODE-8419:
--------------------------------------------------------
Commit 93a4ef9fd7af105a840e648fe878893eb5b28ab6 in geode's branch
refs/heads/feature/GEODE-8419-backport-1-13 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=93a4ef9 ]
GEODE-8419: SSL/TLS protocol and cipher suite configuration is ignored (#5465)
* GEODE-8419: SSL/TLS protocol and cipher suite configuration is ignored
Configure cipher suites when creating an SSLEngine
* addressing test issues
* fixing error in SSLSocket endpoint validation
* addressing Jake's comments
* change test to use ArgumentCaptor - thanks Jake\!
* check captured argument content
(cherry picked from commit 537721ff815cf40eff85fde65db9b5e787471c89)
> SSL/TLS protocol and cipher suite configuration is ignored
> ----------------------------------------------------------
>
> Key: GEODE-8419
> URL: https://issues.apache.org/jira/browse/GEODE-8419
> Project: Geode
> Issue Type: Bug
> Components: client/server, membership, security
> Affects Versions: 1.10.0, 1.11.0, 1.12.0, 1.13.0, 1.14.0
> Reporter: Jacob Barrett
> Assignee: Bruce J Schuchardt
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.14.0
>
>
> Configuring {{ssl-protocols}} or {{ssl-ciphers}} properties, or per-component
> ssl properties, have no effect. Configuring {{ssl-protocols}} may effect the
> {{SSLContext}} selected and limit some of the protocols allowed but does not
> restrict to just the set specified in the property. The {{ssl-ciphers}}
> property does not limit cipher selection at all.
> The result is that all ciphers allowed under the match {{SSLContext}} are
> allowed and negotiated. This can result in an unintended cipher being used in
> SSL/TLS communication.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
