You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@rocketmq.apache.org by yu...@apache.org on 2017/12/01 11:52:44 UTC

[rocketmq] branch develop updated: [ROCKETMQ-315] Enhance TLS default settings

This is an automated email from the ASF dual-hosted git repository.

yukon pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git


The following commit(s) were added to refs/heads/develop by this push:
     new 5a2e710  [ROCKETMQ-315] Enhance TLS default settings
5a2e710 is described below

commit 5a2e71098793be75cc5b2c8984e99ad3651eba40
Author: shutian.lzh <sh...@alibaba-inc.com>
AuthorDate: Fri Dec 1 19:52:30 2017 +0800

    [ROCKETMQ-315] Enhance TLS default settings
    
    Author: shutian.lzh <sh...@alibaba-inc.com>
    
    Closes #194 from lizhanhui/tls_enhance_defaults.
---
 broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java      | 2 +-
 .../main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java b/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java
index e9237b6..a066652 100644
--- a/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java
+++ b/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java
@@ -98,7 +98,7 @@ public class BrokerStartup {
             final BrokerConfig brokerConfig = new BrokerConfig();
             final NettyServerConfig nettyServerConfig = new NettyServerConfig();
             final NettyClientConfig nettyClientConfig = new NettyClientConfig();
-            nettyClientConfig.setUseTLS(NettySystemConfig.sslMode != SslMode.DISABLED);
+            nettyClientConfig.setUseTLS(NettySystemConfig.sslMode == SslMode.ENFORCING);
             nettyServerConfig.setListenPort(10911);
             final MessageStoreConfig messageStoreConfig = new MessageStoreConfig();
 
diff --git a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java
index 28a7f27..b9c1f3f 100644
--- a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java
+++ b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java
@@ -57,7 +57,7 @@ public class NettySystemConfig {
      * </ol>
      */
     public static SslMode sslMode = //
-        SslMode.parse(System.getProperty(ORG_APACHE_ROCKETMQ_REMOTING_SSL_MODE, "disabled"));
+        SslMode.parse(System.getProperty(ORG_APACHE_ROCKETMQ_REMOTING_SSL_MODE, "permissive"));
 
     public static String sslConfigFile = //
         System.getProperty(ORG_APACHE_ROCKETMQ_REMOTING_SSL_CONFIG_FILE, "/etc/rocketmq/ssl.properties");

-- 
To stop receiving notification emails like this one, please contact
['"commits@rocketmq.apache.org" <co...@rocketmq.apache.org>'].