You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@nutch.apache.org by "Martin Djukanovic (Jira)" <ji...@apache.org> on 2024/02/19 16:21:00 UTC

[jira] [Created] (NUTCH-3030) Update default TLS cipher suites for http(s) protocol

Martin Djukanovic created NUTCH-3030:
----------------------------------------

             Summary: Update default TLS cipher suites for http(s) protocol
                 Key: NUTCH-3030
                 URL: https://issues.apache.org/jira/browse/NUTCH-3030
             Project: Nutch
          Issue Type: Improvement
    Affects Versions: 1.19
            Reporter: Martin Djukanovic
         Attachments: default_ciphers_and_protocols-2.patch

If http.tls.supported.cipher.suites is not set in the configuration, it defaults to a hard-coded list which is not exhaustive enough. I have encountered websites that exclusively use ciphers which are not included, so they could not be handled by protocol-http.

I changed this list to the system default -- SSLSocketFactory's .getDefaultCipherSuites() to be precise. One could also use .getSupportedCipherSuites() here, I suppose.

The original list should be moved to nutch-default.xml or omitted altogether. The protocol list is still hard-coded, but it is now also added to nutch-default.xml (so it can be easily changed manually if needed).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)