[CASSANDRA-3278] SSLFactory should not enable cipher suites that aren't supported - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Low
Resolution: Fixed
Fix Version/s: 1.0.5
Component/s: None
Labels:
None
Environment:

OpenJDK on debian squeeze

Severity:
Low

Description

The socket creation (server or otherwise) in SSLFactory.java calls setEnabledCipherSuites with the values specified in EncryptionOptions.java:

public String[] cipherSuites = {
    "TLS_RSA_WITH_AES_128_CBC_SHA", 
    "TLS_RSA_WITH_AES_256_CBC_SHA"
};

The call to setEnabledCipherSuites fails on systems that don't have Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 because AES256 is not supported.

To avoid installing the unlimited strength policy file the code in SSLFactory.java should call getSupportedCipherSuites to find out which of the suites specified are supported.

Thanks,
George

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-commiting-changes-to-make-the-ks-ts-more-flexible-v2.patch
29/Nov/11 04:30
1 kB
Vijay
0001-commiting-filter-for-supported-suits.patch
06/Oct/11 23:46
4 kB
Vijay
0002-commiting-changes-to-make-the-ks-ts-more-flexible.patch
06/Oct/11 23:46
3 kB
Vijay
0002-commiting-filter-for-supported-suits-v2.patch
29/Nov/11 04:30
5 kB
Vijay
0003-expose-the-available-options-in-yaml.patch
06/Oct/11 23:46
1 kB
Vijay
0003-expose-the-available-options-in-yaml-v2.patch
29/Nov/11 04:30
1 kB
Vijay
cassandra-3278-cache.txt
04/Oct/11 00:24
7 kB
George
cassandra-3278-nocache.txt
04/Oct/11 00:24
2 kB
George

Activity

People

Assignee:: Vijay

Reporter:: George

Authors:: Vijay

Reviewers:: Brandon Williams

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 29/Sep/11 18:21

Updated:: 16/Apr/19 09:32

Resolved:: 29/Nov/11 16:42