You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Stefan Podkowinski (JIRA)" <ji...@apache.org> on 2017/11/22 10:26:00 UTC

[jira] [Created] (CASSANDRA-14067) Change default for SSL algorithm

Stefan Podkowinski created CASSANDRA-14067:
----------------------------------------------

             Summary: Change default for SSL algorithm
                 Key: CASSANDRA-14067
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14067
             Project: Cassandra
          Issue Type: Bug
            Reporter: Stefan Podkowinski
            Assignee: Stefan Podkowinski
             Fix For: 4.x


The hardcoded default for the SSL validation algorithm should be changed from SunX509 to PKIX, which has been [default since Java 7|https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#SupportClasses]. Starting with Java 9, the use of SunX509 is [actively discouraged|https://bugs.openjdk.java.net/browse/JDK-8169745], as it implements fewer security constraints. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org