anmolnar commented on code in PR #2239:
URL: https://github.com/apache/zookeeper/pull/2239#discussion_r2014700415
##########
zookeeper-server/src/main/java/org/apache/zookeeper/common/ClientX509Util.java:
##########
@@ -80,7 +80,10 @@ public SslContext createNettySslContextForClient(ZKConfig
config)
}
sslContextBuilder.enableOcsp(config.getBoolean(getSslOcspEnabledProperty()));
- sslContextBuilder.protocols(getEnabledProtocols(config));
+ String[] enabledProtocols = getEnabledProtocols(config);
Review Comment:
Setting it to null explicitly and not setting it are two different things.
What's the default value?
With this behaviour we will keep the default value which I think makes sense
in this case.
##########
zookeeper-docs/src/main/resources/markdown/zookeeperAdmin.md:
##########
@@ -1738,7 +1738,9 @@ and [SASL authentication for
ZooKeeper](https://cwiki.apache.org/confluence/disp
(Java system properties: **zookeeper.ssl.ciphersuites** and
**zookeeper.ssl.quorum.ciphersuites**)
**New in 3.5.5:**
Specifies the enabled cipher suites to be used in client and quorum TLS
negotiation.
- Default: Enabled cipher suites depend on the Java runtime version being
used.
+ Default: None, the JVM defaults are used (3.10.0+),
+ Enabled cipher suites are hard coded, with the ordering dependent on
whether Java 8, or Java 9+ is used.
+ For Java 8 the list begins with the TLSv1.2 CBC ciphers, while for Java 9+
it begins with the TLSv1.2 CBM ciphers (3.5.5-3.9.x).
Review Comment:
Shall we list the cipher suites explicitly here which were previously in the
code?
I know source control preserves it for the future, but I think it could be
beneficial here as well for future doc readers.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
