A few comments after my first take at trying out the (v1) patch:
(I have only tried ssl=basic so far...)
1) No server commands (e.g. shutdown, ping, runtimeinfo) worked after the server was started with SSL on (basic) . The message I'm getting is:
Invalid reply header from network server: Invalid string .
2) Using -Dderby.drda.sslMode=basic (and ssl=basic in the client URL) seemed to work fine, although I did not actually inspect the network traffic to verify encryption.
3) Using ssl=basic as an option to the NetworkServerControl start command did not work:
Command line: java <properties> -jar derbyrun.jar server start ssl=basic
Result: Invalid number of arguments for command start.
Command line: java <properties> -jar derbyrun.jar server start -ssl=basic
Result: Argument -ssl=basic is unknown.
I tried both with and without the -unsecure option/plain-text authentication.
4) The funcSpec says:
SSL at the server side is activated with the property
derby.drda.sslMode (default off) or the -ssl option for the server
By "the server command", do you mean the start command of the server? This should perhaps be clarified in the funcSpec?
5) The funcSpec also says:
The property may have three values: "off", "basic" and
However, the example in section 2.3 is using ssl=authenticate. Also, comments in the patch seem to indicate that "false", "true" and "auth" are also valid property values. What is (or should be) the correct set of valid values?
6) I verified that connection attempts against a server started with SSL off, but with ssl=basic in the client URL, resulted in an informative error message on the client side.