Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-2356

Make SSL server authentication optional

    Details

    • Bug behavior facts:
      Security

      Description

      Default SSL behaviour is to require serer authentication. For a database application this is not as important as it is for web browsers and also creates som extra hassle for the user/application programmer. Since the main objective for SSL in Derby is encryption on the wire, server authentication should be optional (the same way client authentication is).

      This also creates some symmetry which can be exploited to simplify the user interfce somewhat. This improvement to DERBY-2108 is described in the attached functional specification. See the attachment for details.

        Attachments

        1. SSLFuncSpect.txt
          5 kB
          Bernt M. Johnsen
        2. SSLFuncSpect.txt
          6 kB
          Bernt M. Johnsen
        3. derby-2356-v3.diff
          23 kB
          Bernt M. Johnsen
        4. derby-2356-v2.stat
          0.7 kB
          Bernt M. Johnsen
        5. derby-2356-v2.diff
          23 kB
          Bernt M. Johnsen
        6. derby-2356-v1.stat
          0.7 kB
          Bernt M. Johnsen
        7. derby-2356-v1.diff
          21 kB
          Bernt M. Johnsen

          Issue Links

            Activity

              People

              • Assignee:
                bernt Bernt M. Johnsen
                Reporter:
                bernt Bernt M. Johnsen
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: