You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "Jacob Barrett (Jira)" <ji...@apache.org> on 2020/08/10 23:45:00 UTC
[jira] [Created] (GEODE-8419) SSL/TLS protocol and cipher suite
configuration is ignored
Jacob Barrett created GEODE-8419:
------------------------------------
Summary: SSL/TLS protocol and cipher suite configuration is ignored
Key: GEODE-8419
URL: https://issues.apache.org/jira/browse/GEODE-8419
Project: Geode
Issue Type: Bug
Components: client/server, membership, security
Reporter: Jacob Barrett
Configuring {{ssl-protocols}} or {{ssl-ciphers}} properties, or per-component ssl properties, have no effect. Configuring {{ssl-protocols}} may effect the {{SSLContext}} selected and limit some of the protocols allowed but does not restrict to just the set specified in the property. The {{ssl-ciphers}} property does not limit cipher selection at all.
The result is that all ciphers allowed under the match {{SSLContext}} are allowed and negotiated. This can result in an unintended cipher being used in SSL/TLS communication.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)