[GEODE-8419] SSL/TLS protocol and cipher suite configuration is ignored - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.10.0, 1.11.0, 1.12.0, 1.13.0, 1.14.0
Fix Version/s: 1.12.1, 1.13.1, 1.14.0
Component/s: client/server, membership, security
Labels:
- pull-request-available

Description

Configuring ssl-protocols or ssl-ciphers properties, or per-component ssl properties, have no effect. Configuring ssl-protocols may effect the SSLContext selected and limit some of the protocols allowed but does not restrict to just the set specified in the property. The ssl-ciphers property does not limit cipher selection at all.

The result is that all ciphers allowed under the match SSLContext are allowed and negotiated. This can result in an unintended cipher being used in SSL/TLS communication.

Attachments

Issue Links

causes

GEODE-9991 SSL protocol and cipher preferences are ignored when endpoint verification is enabled.

Closed

links to

GitHub Pull Request #5465

GitHub Pull Request #5587

GitHub Pull Request #5594

Activity

People

Assignee:: Bruce J Schuchardt

Reporter:: Jacob Barrett

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 10/Aug/20 23:44

Updated:: 27/Jan/22 16:32

Resolved:: 19/Aug/20 22:27