Posted to notifications@jclouds.apache.org by Andrew Phillips <no...@github.com> on 2014/10/17 02:19:07 UTC

[jclouds] Enforcing TLS for SSL connections (#575)

To avoid a jclouds client being vulnerable to POODLE

See https://issues.apache.org/jira/browse/JCLOUDS-753

You can merge this Pull Request by running:

  git pull https://github.com/jclouds/jclouds enforce-tls

Or you can view, comment on it, or merge it online at:

  https://github.com/jclouds/jclouds/pull/575

-- Commit Summary --

  * Enforcing TLS for SSL connections

-- File Changes --

    M core/src/main/java/org/jclouds/http/config/SSLModule.java (1)

-- Patch Links --

https://github.com/jclouds/jclouds/pull/575.patch
https://github.com/jclouds/jclouds/pull/575.diff

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds/pull/575

Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by CloudBees pull request builder plugin <no...@github.com>.
[jclouds-pull-requests-java-6 #207](https://jclouds.ci.cloudbees.com/job/jclouds-pull-requests-java-6/207/) SUCCESS
This pull request looks good


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by CloudBees pull request builder plugin <no...@github.com>.
[jclouds-pull-requests-java-6 #205](https://jclouds.ci.cloudbees.com/job/jclouds-pull-requests-java-6/205/) SUCCESS
This pull request looks good


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by Andrew Phillips <no...@github.com>.
> @@ -87,6 +87,7 @@ public SSLContext get() {
>              SSLContext sc;
>              sc = SSLContext.getInstance("SSL");

> For consistency, should this also be changed to SSLContext.getInstance("TLS")?

Probably ;-) Will update...


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by CloudBees pull request builder plugin <no...@github.com>.
[jclouds-pull-requests #1295](https://jclouds.ci.cloudbees.com/job/jclouds-pull-requests/1295/) SUCCESS
This pull request looks good


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by Andrew Phillips <no...@github.com>.
Superseded by whatever will happen for https://issues.apache.org/jira/browse/JCLOUDS-759.


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by BuildHive <no...@github.com>.
[jclouds » jclouds #1803](https://buildhive.cloudbees.com/job/jclouds/job/jclouds/1803/) SUCCESS
This pull request looks good


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by CloudBees pull request builder plugin <no...@github.com>.
[jclouds-pull-requests #1296](https://jclouds.ci.cloudbees.com/job/jclouds-pull-requests/1296/) SUCCESS
This pull request looks good


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by CloudBees pull request builder plugin <no...@github.com>.
[jclouds-pull-requests #1294](https://jclouds.ci.cloudbees.com/job/jclouds-pull-requests/1294/) SUCCESS
This pull request looks good


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by BuildHive <no...@github.com>.
[jclouds » jclouds #1799](https://buildhive.cloudbees.com/job/jclouds/job/jclouds/1799/) UNSTABLE
Looks like there's a problem with this pull request


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by Andrew Phillips <no...@github.com>.
@andrewgaul Have you had a chance to look at this issue over the weekend?

@adriancole Do you know if this change would be sufficient for OkHttp?


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by Diwaker Gupta <no...@github.com>.
LGTM :+1: ship it!


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by Andrew Phillips <no...@github.com>.
>              sc.init(null, new TrustManager[] { trustAllCerts }, new SecureRandom());
> +            sc.getDefaultSSLParameters().setProtocols(new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" });
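
Review bot: The added `sc.getDefaultSSLParameters().setProtocols(...)` call has no effect on `sc`: `getDefaultSSLParameters()` returns a copy of the context's defaults, so the protocol list is set on a temporary object that is discarded, and sockets created from this context still start with the provider's default protocol set. To actually exclude SSLv3, apply the list where connections are created, for example by calling `setEnabledProtocols` on each `SSLSocket` or `SSLEngine` (typically through a wrapping `SSLSocketFactory`). Filter the list against `getSupportedProtocols()` first, because `setEnabledProtocols` rejects names the runtime does not support and the Java 6 builds in this thread may not offer TLSv1.1 or TLSv1.2.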

@diwakergupta @nacx Is this change actually needed if `getInstance` above is set to `TLS`?


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by CloudBees pull request builder plugin <no...@github.com>.
[jclouds-pull-requests-java-6 #206](https://jclouds.ci.cloudbees.com/job/jclouds-pull-requests-java-6/206/) SUCCESS
This pull request looks good


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by Ignasi Barrera <no...@github.com>.
Thanks! Changes LGTM. @adriancole might be able to confirm, but I think no changes are required to the current implementation of the OkHttp driver.


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by Andrew Phillips <no...@github.com>.
Commit applying the same changes to another SSLContext created by the Apache HC driver about to come.

The OkHttp driver seems to use the standard SSLModule only, so should be fixed with the existing changes in this PR.


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by Ignasi Barrera <no...@github.com>.
> @@ -87,6 +87,7 @@ public SSLContext get() {
>              SSLContext sc;
>              sc = SSLContext.getInstance("SSL");
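
Review bot: On the `SSLContext.getInstance("SSL")` context line, switching the name to "TLS" is reasonable for consistency but is not by itself the enforcement. The name passed to `getInstance` selects a context implementation, and the standard names are documented as supporting some version of that protocol while possibly supporting others, so a "TLS" context can still have SSLv3 enabled by default on some runtimes. The SSLv3 exclusion has to come from the enabled-protocol list on the sockets or engines created from `sc`.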

For consistency, should this also be changed to `SSLContext.getInstance("TLS")`?


Re: [jclouds] Enforcing TLS for SSL connections (#575)

Posted by BuildHive <no...@github.com>.
[jclouds » jclouds #1801](https://buildhive.cloudbees.com/job/jclouds/job/jclouds/1801/) SUCCESS
This pull request looks good
