Posted to commits@cassandra.apache.org by ja...@apache.org on 2014/11/13 01:07:57 UTC
[1/3] cassandra git commit: Disable SSLv3 for POODLE
Repository: cassandra
Updated Branches:
refs/heads/trunk eb1c2831c -> e15cf78b5
Disable SSLv3 for POODLE
patch by Jeremiah Jordan; reviewed by jasobrown for CASSANDRA-8265
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/b93f48a5
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/b93f48a5
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/b93f48a5
Branch: refs/heads/trunk
Commit: b93f48a5db321bf7c9fb55a800ed6ab2d6f6b102
Parents: be79142
Author: Jason Brown <ja...@gmail.com>
Authored: Wed Nov 12 15:58:13 2014 -0800
Committer: Jason Brown <ja...@gmail.com>
Committed: Wed Nov 12 15:58:13 2014 -0800
----------------------------------------------------------------------
CHANGES.txt | 1 +
src/java/org/apache/cassandra/security/SSLFactory.java | 4 ++++
.../org/apache/cassandra/thrift/CustomTThreadPoolServer.java | 4 ++++
src/java/org/apache/cassandra/transport/Server.java | 1 +
src/java/org/apache/cassandra/transport/SimpleClient.java | 1 +
5 files changed, 11 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/b93f48a5/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 47e611c..809a102 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
2.0.12:
+ * Disable SSLv3 for POODLE (CASSANDRA-8265)
* Fix millisecond timestamps in Tracing (CASSANDRA-8297)
* Include keyspace name in error message when there are insufficient
live nodes to stream from (CASSANDRA-8221)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/b93f48a5/src/java/org/apache/cassandra/security/SSLFactory.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/security/SSLFactory.java b/src/java/org/apache/cassandra/security/SSLFactory.java
index 3cb0670..260c828 100644
--- a/src/java/org/apache/cassandra/security/SSLFactory.java
+++ b/src/java/org/apache/cassandra/security/SSLFactory.java
@@ -61,6 +61,7 @@ public final class SSLFactory
String[] suits = filterCipherSuites(serverSocket.getSupportedCipherSuites(), options.cipher_suites);
serverSocket.setEnabledCipherSuites(suits);
serverSocket.setNeedClientAuth(options.require_client_auth);
+ serverSocket.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"});
serverSocket.bind(new InetSocketAddress(address, port), 500);
return serverSocket;
}
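Review bot: The protocol list passed to `serverSocket.setEnabledProtocols(...)` is a hard-coded literal, and `setEnabledProtocols` is documented to throw `IllegalArgumentException` when any named protocol is not supported by the running JSSE provider, so a JVM that lacks one of these names would fail at socket creation rather than fall back. The same literal is repeated in the three other SSLFactory hunks and in CustomTThreadPoolServer, Server and SimpleClient, so a future protocol change has to be made in every copy. Hoisting the list into one constant in SSLFactory and intersecting it with `getSupportedProtocols()` would address both; a sketch follows, with helper names that are placeholders. The enclosing method starts outside this hunk.

```java
public static final String[] ACCEPTED_PROTOCOLS = new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"};

/** Keeps only the accepted protocols that this JVM's provider actually supports. */
public static String[] filterProtocols(String[] supported)
{
    List<String> available = Arrays.asList(supported);
    List<String> enabled = new ArrayList<String>();
    for (String protocol : ACCEPTED_PROTOCOLS)
    {
        if (available.contains(protocol))
            enabled.add(protocol);
    }
    return enabled.toArray(new String[enabled.size()]);
}

// … unchanged: cipher suite filtering and setNeedClientAuth …
serverSocket.setEnabledProtocols(filterProtocols(serverSocket.getSupportedProtocols()));
```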
@@ -72,6 +73,7 @@ public final class SSLFactory
SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(address, port, localAddress, localPort);
String[] suits = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
socket.setEnabledCipherSuites(suits);
+ socket.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"});
return socket;
}
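Review bot: This socket is an outbound (client) socket, and enabling `"SSLv2Hello"` on it makes JSSE wrap the ClientHello in the legacy SSLv2 format, which Java 7 turned off by default on the client side because that framing cannot carry TLS extensions and some peers reject it. Accepting the legacy hello is only needed on the listening side, so unless a known peer requires it the client list could be `socket.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});`. The same applies to the two following SSLFactory client-socket hunks and to the client-mode engine in SimpleClient. The enclosing method starts outside this hunk.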
@@ -82,6 +84,7 @@ public final class SSLFactory
SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(address, port);
String[] suits = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
socket.setEnabledCipherSuites(suits);
+ socket.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"});
return socket;
}
@@ -92,6 +95,7 @@ public final class SSLFactory
SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
String[] suits = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
socket.setEnabledCipherSuites(suits);
+ socket.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"});
return socket;
}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/b93f48a5/src/java/org/apache/cassandra/thrift/CustomTThreadPoolServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/thrift/CustomTThreadPoolServer.java b/src/java/org/apache/cassandra/thrift/CustomTThreadPoolServer.java
index d1a3304..3111deb 100644
--- a/src/java/org/apache/cassandra/thrift/CustomTThreadPoolServer.java
+++ b/src/java/org/apache/cassandra/thrift/CustomTThreadPoolServer.java
@@ -27,6 +27,8 @@ import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
+import javax.net.ssl.SSLServerSocket;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -251,6 +253,8 @@ public class CustomTThreadPoolServer extends TServer
params.requireClientAuth(true);
}
TServerSocket sslServer = TSSLTransportFactory.getServerSocket(addr.getPort(), 0, addr.getAddress(), params);
+ SSLServerSocket sslServerSocket = (SSLServerSocket) sslServer.getServerSocket();
+ sslServerSocket.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"});
serverTransport = new TCustomServerSocket(sslServer.getServerSocket(), args.keepAlive, args.sendBufferSize, args.recvBufferSize);
}
else
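Review bot: The new local `sslServerSocket` is used for a single call, and `sslServer.getServerSocket()` is then called again on the next line to build the transport. Passing the local instead, `serverTransport = new TCustomServerSocket(sslServerSocket, args.keepAlive, args.sendBufferSize, args.recvBufferSize);`, makes it obvious that the socket being served is the one whose protocols were restricted. The unchecked cast presumably holds because TSSLTransportFactory always returns an SSL-backed socket; a short comment saying so would help the next reader. The enclosing method starts and ends outside this hunk.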
http://git-wip-us.apache.org/repos/asf/cassandra/blob/b93f48a5/src/java/org/apache/cassandra/transport/Server.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/Server.java b/src/java/org/apache/cassandra/transport/Server.java
index f095776..092e1ba 100644
--- a/src/java/org/apache/cassandra/transport/Server.java
+++ b/src/java/org/apache/cassandra/transport/Server.java
@@ -296,6 +296,7 @@ public class Server implements CassandraDaemon.Server
sslEngine.setUseClientMode(false);
sslEngine.setEnabledCipherSuites(encryptionOptions.cipher_suites);
sslEngine.setNeedClientAuth(encryptionOptions.require_client_auth);
+ sslEngine.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"});
SslHandler sslHandler = new SslHandler(sslEngine);
sslHandler.setIssueHandshake(true);
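Review bot: The added `sslEngine.setEnabledProtocols(...)` line has no comment explaining why `SSLv3` is absent while `SSLv2Hello` is present, and the two names are easy to confuse when the list is next edited. A one-line comment above it would record the intent, for example `// SSLv3 deliberately omitted (POODLE, CASSANDRA-8265); SSLv2Hello only allows the legacy hello framing, not the SSLv2 protocol`. The enclosing method starts and ends outside this hunk.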
http://git-wip-us.apache.org/repos/asf/cassandra/blob/b93f48a5/src/java/org/apache/cassandra/transport/SimpleClient.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/SimpleClient.java b/src/java/org/apache/cassandra/transport/SimpleClient.java
index 5f2efda..3bcf751 100644
--- a/src/java/org/apache/cassandra/transport/SimpleClient.java
+++ b/src/java/org/apache/cassandra/transport/SimpleClient.java
@@ -259,6 +259,7 @@ public class SimpleClient
SSLEngine sslEngine = sslContext.createSSLEngine();
sslEngine.setUseClientMode(true);
sslEngine.setEnabledCipherSuites(encryptionOptions.cipher_suites);
+ sslEngine.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"});
ChannelPipeline pipeline = super.getPipeline();
pipeline.addFirst("ssl", new SslHandler(sslEngine));
[2/3] cassandra git commit: Merge branch 'cassandra-2.0' into
cassandra-2.1
Posted by ja...@apache.org.
Merge branch 'cassandra-2.0' into cassandra-2.1
Conflicts:
CHANGES.txt
src/java/org/apache/cassandra/transport/Server.java
src/java/org/apache/cassandra/transport/SimpleClient.java
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/1217afb5
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/1217afb5
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/1217afb5
Branch: refs/heads/trunk
Commit: 1217afb5cf68e1d1d8bfc951b74fc4e0fa7b17f2
Parents: 26ea0f6 b93f48a
Author: Jason Brown <ja...@gmail.com>
Authored: Wed Nov 12 16:07:12 2014 -0800
Committer: Jason Brown <ja...@gmail.com>
Committed: Wed Nov 12 16:07:12 2014 -0800
----------------------------------------------------------------------
CHANGES.txt | 1 +
src/java/org/apache/cassandra/security/SSLFactory.java | 4 ++++
.../org/apache/cassandra/thrift/CustomTThreadPoolServer.java | 4 ++++
src/java/org/apache/cassandra/transport/Server.java | 2 +-
src/java/org/apache/cassandra/transport/SimpleClient.java | 1 +
5 files changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/1217afb5/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index 51a3ed0,809a102..1910f31
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,8 -1,5 +1,9 @@@
-2.0.12:
+2.1.3
+ * Support for frozen collections (CASSANDRA-7859)
+ * Fix overflow on histogram computation (CASSANDRA-8028)
+ * Have paxos reuse the timestamp generation of normal queries (CASSANDRA-7801)
+Merged from 2.0:
+ * Disable SSLv3 for POODLE (CASSANDRA-8265)
* Fix millisecond timestamps in Tracing (CASSANDRA-8297)
* Include keyspace name in error message when there are insufficient
live nodes to stream from (CASSANDRA-8221)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/1217afb5/src/java/org/apache/cassandra/thrift/CustomTThreadPoolServer.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/1217afb5/src/java/org/apache/cassandra/transport/Server.java
----------------------------------------------------------------------
diff --cc src/java/org/apache/cassandra/transport/Server.java
index 8af6ee8,092e1ba..2a60242
--- a/src/java/org/apache/cassandra/transport/Server.java
+++ b/src/java/org/apache/cassandra/transport/Server.java
@@@ -324,10 -296,13 +324,10 @@@ public class Server implements Cassandr
sslEngine.setUseClientMode(false);
sslEngine.setEnabledCipherSuites(encryptionOptions.cipher_suites);
sslEngine.setNeedClientAuth(encryptionOptions.require_client_auth);
-
+ sslEngine.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"});
-
SslHandler sslHandler = new SslHandler(sslEngine);
- sslHandler.setIssueHandshake(true);
- ChannelPipeline pipeline = super.getPipeline();
- pipeline.addFirst("ssl", sslHandler);
- return pipeline;
+ super.initChannel(channel);
+ channel.pipeline().addFirst("ssl", sslHandler);
}
}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/1217afb5/src/java/org/apache/cassandra/transport/SimpleClient.java
----------------------------------------------------------------------
diff --cc src/java/org/apache/cassandra/transport/SimpleClient.java
index 3cf9b7b,3bcf751..2e1e45e
--- a/src/java/org/apache/cassandra/transport/SimpleClient.java
+++ b/src/java/org/apache/cassandra/transport/SimpleClient.java
@@@ -253,7 -259,11 +253,8 @@@ public class SimpleClien
SSLEngine sslEngine = sslContext.createSSLEngine();
sslEngine.setUseClientMode(true);
sslEngine.setEnabledCipherSuites(encryptionOptions.cipher_suites);
+ sslEngine.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"});
- ChannelPipeline pipeline = super.getPipeline();
-
- pipeline.addFirst("ssl", new SslHandler(sslEngine));
- return pipeline;
+ channel.pipeline().addFirst("ssl", new SslHandler(sslEngine));
}
}
[3/3] cassandra git commit: Merge branch 'cassandra-2.1' into trunk
Posted by ja...@apache.org.
Merge branch 'cassandra-2.1' into trunk
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/e15cf78b
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/e15cf78b
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/e15cf78b
Branch: refs/heads/trunk
Commit: e15cf78b551b9e7329eb05ab8e6fead905bbfeee
Parents: eb1c283 1217afb
Author: Jason Brown <ja...@gmail.com>
Authored: Wed Nov 12 16:07:44 2014 -0800
Committer: Jason Brown <ja...@gmail.com>
Committed: Wed Nov 12 16:07:44 2014 -0800
----------------------------------------------------------------------
CHANGES.txt | 1 +
src/java/org/apache/cassandra/security/SSLFactory.java | 4 ++++
.../org/apache/cassandra/thrift/CustomTThreadPoolServer.java | 4 ++++
src/java/org/apache/cassandra/transport/Server.java | 2 +-
src/java/org/apache/cassandra/transport/SimpleClient.java | 1 +
5 files changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/e15cf78b/CHANGES.txt
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/e15cf78b/src/java/org/apache/cassandra/transport/Server.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/e15cf78b/src/java/org/apache/cassandra/transport/SimpleClient.java
----------------------------------------------------------------------