[IGNITE-6167] Ability to enabled TLS protocols and cipher suites - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Wish
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.1
Fix Version/s: 2.7
Component/s: security
Labels:
None

Ignite Flags:

Docs Required

Description

It would be very useful to be able to, in addition to the javax.net.ssl.SSLContext, either specify a custom javax.net.ssl.SSLServerSocketFactory and a custom javax.net.ssl.SSLSocketFactory, or to be able to at least specify the enabled TLS protocols and cipher suites.

I have noticed that the org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter has support for the latter but I cannot find a way of getting a reference to the filter instance. The GridNioSslFilter also isn't used by TcpDiscoverySpi as far as I can tell.

Currently (as far as I can tell) there is no way of specifying the enabled cipher suites and protocols used by Ignite, without doing it globally for the JRE.

Attachments

Issue Links

causes

IGNITE-11077 Add information about SSL cipher suites to apacheignite.readme.io

Open

is related to

IGNITE-9329 Positive and negative tests for SSL ciphers and protocols

Open

relates to

IGNITE-7997 Ability to use different SSL trust store password and private key password

Open

links to

GitHub Pull Request #4440

GitHub Pull Request #4582

(2 links to)

Activity

People

Assignee:: Mikhail Cherkasov

Reporter:: Jens Borgland

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 23/Aug/17 10:53

Updated:: 25/Jan/19 10:12

Resolved:: 21/Aug/18 14:35