You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Stefan Podkowinski (JIRA)" <ji...@apache.org> on 2017/12/11 15:44:00 UTC

[jira] [Updated] (CASSANDRA-14067) Change default for SSL algorithm

     [ https://issues.apache.org/jira/browse/CASSANDRA-14067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Podkowinski updated CASSANDRA-14067:
-------------------------------------------
    Status: Open  (was: Patch Available)

> Change default for SSL algorithm
> --------------------------------
>
>                 Key: CASSANDRA-14067
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14067
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Stefan Podkowinski
>            Assignee: Stefan Podkowinski
>              Labels: security
>             Fix For: 4.x
>
>
> The hardcoded default for the SSL validation algorithm should be changed from SunX509 to PKIX, which has been [default since Java 7|https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#SupportClasses]. Starting with Java 9, the use of SunX509 is [actively discouraged|https://bugs.openjdk.java.net/browse/JDK-8169745], as it implements fewer security constraints. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org