[ https://issues.apache.org/jira/browse/GEODE-8419?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Owen Nichols updated GEODE-8419: -------------------------------- Fix Version/s: 1.12.1 > SSL/TLS protocol and cipher suite configuration is ignored > ---------------------------------------------------------- > > Key: GEODE-8419 > URL: https://issues.apache.org/jira/browse/GEODE-8419 > Project: Geode > Issue Type: Bug > Components: client/server, membership, security > Affects Versions: 1.10.0, 1.11.0, 1.12.0, 1.13.0, 1.14.0 > Reporter: Jacob Barrett > Assignee: Bruce J Schuchardt > Priority: Major > Labels: pull-request-available > Fix For: 1.12.1, 1.14.0, 1.13.1 > > > Configuring {{ssl-protocols}} or {{ssl-ciphers}} properties, or per-component > ssl properties, have no effect. Configuring {{ssl-protocols}} may effect the > {{SSLContext}} selected and limit some of the protocols allowed but does not > restrict to just the set specified in the property. The {{ssl-ciphers}} > property does not limit cipher selection at all. > The result is that all ciphers allowed under the match {{SSLContext}} are > allowed and negotiated. This can result in an unintended cipher being used in > SSL/TLS communication. -- This message was sent by Atlassian Jira (v8.3.4#803005)