[
https://issues.apache.org/jira/browse/GEODE-10297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17541020#comment-17541020
]
ASF subversion and git services commented on GEODE-10297:
---------------------------------------------------------
Commit b85f2616ed848e7f8bc7d5f3577570d869cccc39 in geode's branch
refs/heads/support/1.15 from Donal Evans
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b85f2616ed ]
GEODE-10297: Create SSLContext using default protocols (#7680)
- Modify SSLUtil to attempt to create SSLContext using the supported SSL
contexts
- Add WANSSLDistributedTest to test protocol/cipher combinations in WAN
context
- Do not hide exception when generating key pair in CertificateBuilder
- Fix javadoc error in SocketCreator
Authored-by: Donal Evans <doev...@vmware.com>
(cherry picked from commit 1e873a670e0606f934666596ff70f346a3957d75)
> SSL protocol ordering can result in loss of newer protocol support.
> -------------------------------------------------------------------
>
> Key: GEODE-10297
> URL: https://issues.apache.org/jira/browse/GEODE-10297
> Project: Geode
> Issue Type: Bug
> Components: core
> Affects Versions: 1.12.9, 1.13.8, 1.14.4, 1.15.0, 1.16.0
> Reporter: Jacob Barrett
> Assignee: Donal Evans
> Priority: Major
> Labels: blocks-1.15.0, needsTriage, pull-request-available
> Fix For: 1.16.0
>
>
> If {{ssl-protocols}} is listed with a older protocol version ahead of a newer
> the {{SSLContext}} used will support at most that weaker protocol.
> For example {{ssl-protocols=TLSV1.2,TLSv1.3,TLSv1.1}} will use the
> {{TLSv1.2}} {{SSLContext}}, which will not support, and silently ignore, the
> {{TLSv1.3}} configuration. The effective enabled protocols list will be
> {{TLSV1.2,TLSv1.1}}.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
