Cassandra
  1. Cassandra
  2. CASSANDRA-3278

SSLFactory should not enable cipher suites that aren't supported

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Fix Version/s: 1.0.5
    • Component/s: Core
    • Labels:
      None
    • Environment:

      OpenJDK on debian squeeze

      Description

      The socket creation (server or otherwise) in SSLFactory.java calls setEnabledCipherSuites with the values specified in EncryptionOptions.java:

      public String[] cipherSuites = {
          "TLS_RSA_WITH_AES_128_CBC_SHA", 
          "TLS_RSA_WITH_AES_256_CBC_SHA"
      };
      

      The call to setEnabledCipherSuites fails on systems that don't have Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 because AES256 is not supported.

      To avoid installing the unlimited strength policy file the code in SSLFactory.java should call getSupportedCipherSuites to find out which of the suites specified are supported.

      Thanks,
      George

        Activity

        Gavin made changes -
        Workflow patch-available, re-open possible [ 12748690 ] reopen-resolved, no closed status, patch-avail, testing [ 12756562 ]
        Gavin made changes -
        Workflow no-reopen-closed, patch-avail [ 12635839 ] patch-available, re-open possible [ 12748690 ]
        Brandon Williams made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Sylvain Lebresne made changes -
        Fix Version/s 1.0.5 [ 12319144 ]
        Fix Version/s 1.0.4 [ 12319064 ]
        Sylvain Lebresne made changes -
        Fix Version/s 1.0.4 [ 12319064 ]
        Fix Version/s 1.0.3 [ 12318940 ]
        Sylvain Lebresne made changes -
        Fix Version/s 1.0.3 [ 12318940 ]
        Fix Version/s 1.0.2 [ 12318740 ]
        Vijay made changes -
        Status In Progress [ 3 ] Patch Available [ 10002 ]
        Jonathan Ellis made changes -
        Status Patch Available [ 10002 ] In Progress [ 3 ]
        Assignee Vijay [ vijay2win@yahoo.com ]
        Reviewer vijay2win@yahoo.com brandon.williams
        Fix Version/s 1.0.2 [ 12318740 ]
        Fix Version/s 1.0.1 [ 12317948 ]
        Sylvain Lebresne made changes -
        Fix Version/s 1.0.1 [ 12317948 ]
        Fix Version/s 1.0.0 [ 12316349 ]
        Fix Version/s 0.8.8 [ 12318351 ]
        Vijay made changes -
        Jonathan Ellis made changes -
        Reviewer vijay vijay2win@yahoo.com
        Jonathan Ellis made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Affects Version/s 0.8.0 [ 12316403 ]
        Affects Version/s 1.0.0 [ 12316349 ]
        Affects Version/s 0.8.4 [ 12317551 ]
        Affects Version/s 0.8.5 [ 12317588 ]
        Affects Version/s 0.8.6 [ 12317850 ]
        Reviewer vijay
        Fix Version/s 1.0.0 [ 12316349 ]
        Sylvain Lebresne made changes -
        Fix Version/s 0.8.8 [ 12318351 ]
        Fix Version/s 0.8.7 [ 12317966 ]
        George made changes -
        Attachment cassandra-3278-nocache.txt [ 12497574 ]
        Attachment cassandra-3278-cache.txt [ 12497575 ]
        Jonathan Ellis made changes -
        Field Original Value New Value
        Fix Version/s 0.8.7 [ 12317966 ]
        George created issue -

          People

          • Assignee:
            Vijay
            Reporter:
            George
            Reviewer:
            Brandon Williams
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development