Cassandra / CASSANDRA-3278

SSLFactory should not enable cipher suites that aren't supported


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Low
    • Resolution: Fixed
    • Fix Version/s: 1.0.5
    • Component/s: None
    • Labels:
      None
    • Environment:

      OpenJDK on debian squeeze

    • Severity:
      Low

      Description

      The socket creation (server or otherwise) in SSLFactory.java calls setEnabledCipherSuites with the values specified in EncryptionOptions.java:

      public String[] cipherSuites = {
          "TLS_RSA_WITH_AES_128_CBC_SHA", 
          "TLS_RSA_WITH_AES_256_CBC_SHA"
      };
      

      The call to setEnabledCipherSuites fails on systems that don't have Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 because AES256 is not supported.

      To avoid installing the unlimited strength policy file, the code in SSLFactory.java should call getSupportedCipherSuites to find out which of the specified suites are supported.

      Thanks,
      George
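
One way to do the filtering the report asks for, as an added example rather than the Cassandra patch or the reporter's code. The class name, `filterSupported`, and the constructed `limited` array (modelling a JVM without the unlimited strength policy files) are assumptions. It logs every dropped suite and refuses to fall back to JVM defaults when nothing configured remains.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class CipherSuiteFilterExample {
    // Configured list as quoted from EncryptionOptions.java in the report.
    static final String[] CONFIGURED = {
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA"
    };

    // Hypothetical helper: keep the configured suites the runtime supports,
    // preserving the configured order.
    static String[] filterSupported(String[] supported, String[] desired) {
        Set<String> available = new HashSet<>(Arrays.asList(supported));
        List<String> usable = new ArrayList<>();
        for (String suite : desired) {
            if (available.contains(suite)) usable.add(suite);
            // Make the downgrade visible instead of dropping the suite silently.
            else System.err.println("Skipping unsupported cipher suite: " + suite);
        }
        // Fail closed: an empty result must not turn into "use JVM defaults".
        if (usable.isEmpty())
            throw new IllegalStateException("No configured cipher suite is supported");
        return usable.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a runtime that lacks AES-256.
        String[] limited = { "TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA" };
        System.out.println(Arrays.toString(filterSupported(limited, CONFIGURED)));

        // Same filter against whatever this JVM actually supports.
        try (SSLServerSocket socket = (SSLServerSocket) SSLContext.getDefault()
                .getServerSocketFactory().createServerSocket()) {
            socket.setEnabledCipherSuites(
                filterSupported(socket.getSupportedCipherSuites(), CONFIGURED));
            System.out.println(Arrays.toString(socket.getEnabledCipherSuites()));
        } catch (IllegalStateException e) {
            System.err.println("Refusing to open SSL socket: " + e.getMessage());
        }
    }
}
```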


            People

            • Assignee:
              vijay2win@yahoo.com Vijay
              Reporter:
              gcristea George
              Authors:
              Vijay
              Reviewers:
              Brandon Williams
