Posted to commits@geode.apache.org by bu...@apache.org on 2020/10/05 21:50:34 UTC

[geode] branch feature/GEODE-8419-backport-1-13 created (now ec64941)

This is an automated email from the ASF dual-hosted git repository.

burcham pushed a change to branch feature/GEODE-8419-backport-1-13
in repository https://gitbox.apache.org/repos/asf/geode.git.


      at ec64941  GEODE-8419: SSL/TLS protocol and cipher suite configuration is ignored (#5465)

This branch includes the following new commits:

     new 8754e5f  GEODE-8419: move SSLUtil to net package in preparation for cherry-pick
     new ec64941  GEODE-8419: SSL/TLS protocol and cipher suite configuration is ignored (#5465)

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[geode] 01/02: GEODE-8419: move SSLUtil to net package in preparation for cherry-pick

Posted by bu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

burcham pushed a commit to branch feature/GEODE-8419-backport-1-13
in repository https://gitbox.apache.org/repos/asf/geode.git

commit 8754e5fd0f0be1735c627e849e03345e351db683
Author: Bill Burcham <bi...@gmail.com>
AuthorDate: Mon Oct 5 14:26:33 2020 -0700

    GEODE-8419: move SSLUtil to net package in preparation for cherry-pick
---
 geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java | 2 +-
 .../org/apache/geode/{management/internal => internal/net}/SSLUtil.java | 2 +-
 .../src/main/java/org/apache/geode/internal/net/SocketCreator.java      | 1 -
 .../org/apache/geode/management/internal/api/GeodeConnectionConfig.java | 2 +-
 .../apache/geode/management/internal/cli/commands/ConnectCommand.java   | 2 +-
 .../main/java/org/apache/geode/internal/cache/InternalHttpService.java  | 2 +-
 6 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
index b1e3f07..6ed5521 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
@@ -28,9 +28,9 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.geode.annotations.Immutable;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
+import org.apache.geode.internal.net.SSLUtil;
 import org.apache.geode.internal.security.CallbackInstantiator;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
-import org.apache.geode.management.internal.SSLUtil;
 import org.apache.geode.net.SSLParameterExtension;
 
 /**
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/SSLUtil.java b/geode-core/src/main/java/org/apache/geode/internal/net/SSLUtil.java
similarity index 99%
rename from geode-core/src/main/java/org/apache/geode/management/internal/SSLUtil.java
rename to geode-core/src/main/java/org/apache/geode/internal/net/SSLUtil.java
index 931539c..0d6598d 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/SSLUtil.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SSLUtil.java
@@ -12,7 +12,7 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-package org.apache.geode.management.internal;
+package org.apache.geode.internal.net;
 
 import java.io.FileInputStream;
 import java.security.KeyStore;
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index 1a9a0d3..7981d3c 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
@@ -85,7 +85,6 @@ import org.apache.geode.internal.inet.LocalHostUtil;
 import org.apache.geode.internal.util.ArgumentRedactor;
 import org.apache.geode.internal.util.PasswordUtil;
 import org.apache.geode.logging.internal.log4j.api.LogService;
-import org.apache.geode.management.internal.SSLUtil;
 import org.apache.geode.net.SSLParameterExtension;
 import org.apache.geode.util.internal.GeodeGlossary;
 
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java b/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java
index 0eeaaf8..53c7318 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java
@@ -41,12 +41,12 @@ import org.apache.geode.internal.InternalDataSerializer;
 import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.cache.GemFireCacheImpl;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
+import org.apache.geode.internal.net.SSLUtil;
 import org.apache.geode.internal.net.SocketCreatorFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.logging.internal.log4j.api.LogService;
 import org.apache.geode.management.api.ConnectionConfig;
 import org.apache.geode.management.client.ClusterManagementServiceBuilder;
-import org.apache.geode.management.internal.SSLUtil;
 import org.apache.geode.management.internal.configuration.messages.ClusterManagementServiceInfo;
 import org.apache.geode.management.internal.configuration.messages.ClusterManagementServiceInfoRequest;
 import org.apache.geode.management.internal.functions.GetMemberInformationFunction;
diff --git a/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java b/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
index 2531b80..48b601c 100644
--- a/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
+++ b/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
@@ -37,12 +37,12 @@ import org.springframework.shell.core.annotation.CliOption;
 import org.apache.geode.annotations.Immutable;
 import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
+import org.apache.geode.internal.net.SSLUtil;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.management.cli.CliMetaData;
 import org.apache.geode.management.cli.ConverterHint;
 import org.apache.geode.management.internal.JmxManagerLocatorRequest;
 import org.apache.geode.management.internal.JmxManagerLocatorResponse;
-import org.apache.geode.management.internal.SSLUtil;
 import org.apache.geode.management.internal.cli.LogWrapper;
 import org.apache.geode.management.internal.cli.converters.ConnectionEndpointConverter;
 import org.apache.geode.management.internal.cli.domain.ConnectToLocatorResult;
diff --git a/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java b/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java
index 12e7d50..d37d645 100644
--- a/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java
+++ b/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java
@@ -43,9 +43,9 @@ import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
 import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
+import org.apache.geode.internal.net.SSLUtil;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.logging.internal.log4j.api.LogService;
-import org.apache.geode.management.internal.SSLUtil;
 import org.apache.geode.management.internal.beans.CacheServiceMBeanBase;
 
 public class InternalHttpService implements HttpService {


[geode] 02/02: GEODE-8419: SSL/TLS protocol and cipher suite configuration is ignored (#5465)

Posted by bu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

burcham pushed a commit to branch feature/GEODE-8419-backport-1-13
in repository https://gitbox.apache.org/repos/asf/geode.git

commit ec649411c14b05c38aaf2edb8299a7daf7ed027b
Author: Bruce Schuchardt <bs...@pivotal.io>
AuthorDate: Wed Aug 19 15:27:07 2020 -0700

    GEODE-8419: SSL/TLS protocol and cipher suite configuration is ignored (#5465)
    
    * GEODE-8419: SSL/TLS protocol and cipher suite configuration is ignored
    
    Configure cipher suites when creating an SSLEngine
    
    (cherry picked from commit 537721ff815cf40eff85fde65db9b5e787471c89)
---
 .../apache/geode/internal/SSLConfigJUnitTest.java  |  2 +-
 ...LSocketHostNameVerificationIntegrationTest.java |  4 +-
 .../internal/net/SSLSocketIntegrationTest.java     |  4 +-
 .../internal/net/SocketCreatorFailHandshake.java   |  2 -
 .../admin/internal/AdminDistributedSystemImpl.java |  2 +-
 .../apache/geode/distributed/LocatorLauncher.java  |  2 +-
 .../admin/remote/DistributionLocatorId.java        |  2 +-
 .../admin/remote/RemoteTransportConfig.java        |  2 +-
 .../geode/internal/net/SCClusterSocketCreator.java |  1 -
 .../geode/internal/{admin => net}/SSLConfig.java   |  3 +-
 .../internal/net/SSLConfigurationFactory.java      |  1 -
 .../org/apache/geode/internal/net/SSLUtil.java     | 66 +++++++++------
 .../apache/geode/internal/net/SocketCreator.java   | 96 +++++++++++++++-------
 .../geode/internal/net/SocketCreatorFactory.java   |  1 -
 .../org/apache/geode/internal/tcp/Connection.java  |  2 +-
 .../ContextAwareSSLRMIClientSocketFactory.java     |  2 +-
 .../management/internal/JmxManagerAdvisee.java     |  2 +-
 .../internal/JmxManagerLocatorRequest.java         |  2 +-
 .../geode/management/internal/ManagementAgent.java |  2 +-
 .../internal/api/GeodeConnectionConfig.java        |  2 +-
 ...ClusterManagementServiceInfoRequestHandler.java |  2 +-
 .../functions/GetMemberInformationFunction.java    |  2 +-
 .../net/SSLConfigurationFactoryJUnitTest.java      |  1 -
 .../org/apache/geode/internal/net/SSLUtilTest.java | 84 +++++++++++++++++++
 .../geode/internal/net/SocketCreatorJUnitTest.java | 55 ++++++++++++-
 .../apache/geode/internal/tcp/TCPConduitTest.java  |  2 +-
 .../internal/cli/commands/ConnectCommand.java      |  2 +-
 .../internal/cli/shell/JmxOperationInvoker.java    |  2 +-
 .../geode/internal/cache/InternalHttpService.java  |  2 +-
 .../acceptance/CacheConnectionIntegrationTest.java |  2 +-
 .../v1/acceptance/CacheOperationsJUnitTest.java    |  2 +-
 .../geode/tools/pulse/tests/rules/ServerRule.java  |  2 +-
 .../java/org/apache/geode/redis/SSLTest.java       |  2 +-
 33 files changed, 271 insertions(+), 89 deletions(-)

diff --git a/geode-core/src/integrationTest/java/org/apache/geode/internal/SSLConfigJUnitTest.java b/geode-core/src/integrationTest/java/org/apache/geode/internal/SSLConfigJUnitTest.java
index 99ec074..2a3ded9 100755
--- a/geode-core/src/integrationTest/java/org/apache/geode/internal/SSLConfigJUnitTest.java
+++ b/geode-core/src/integrationTest/java/org/apache/geode/internal/SSLConfigJUnitTest.java
@@ -67,7 +67,7 @@ import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
 import org.apache.geode.distributed.internal.DistributionConfigImpl;
-import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.test.junit.categories.SecurityTest;
 
diff --git a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketHostNameVerificationIntegrationTest.java b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketHostNameVerificationIntegrationTest.java
index 5483457..dc7df44 100755
--- a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketHostNameVerificationIntegrationTest.java
+++ b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketHostNameVerificationIntegrationTest.java
@@ -168,7 +168,7 @@ public class SSLSocketHostNameVerificationIntegrationTest {
     this.clientSocket = clientChannel.socket();
 
     SSLEngine sslEngine =
-        this.socketCreator.createSSLEngine(this.localHost.getHostName(), 1234);
+        this.socketCreator.createSSLEngine(this.localHost.getHostName(), 1234, true);
 
     try {
       this.socketCreator.handshakeSSLSocketChannel(clientSocket.getChannel(),
@@ -200,7 +200,7 @@ public class SSLSocketHostNameVerificationIntegrationTest {
       try {
         socket = serverSocket.accept();
         SocketCreator sc = SocketCreatorFactory.getSocketCreatorForComponent(CLUSTER);
-        final SSLEngine sslEngine = sc.createSSLEngine(this.localHost.getHostName(), 1234);
+        final SSLEngine sslEngine = sc.createSSLEngine(this.localHost.getHostName(), 1234, false);
         engine =
             sc.handshakeSSLSocketChannel(socket.getChannel(),
                 sslEngine,
diff --git a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketIntegrationTest.java b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketIntegrationTest.java
index 4800940..19eab4f 100755
--- a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketIntegrationTest.java
+++ b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketIntegrationTest.java
@@ -227,7 +227,7 @@ public class SSLSocketIntegrationTest {
     clientSocket = clientChannel.socket();
     NioSslEngine engine =
         clusterSocketCreator.handshakeSSLSocketChannel(clientSocket.getChannel(),
-            clusterSocketCreator.createSSLEngine("localhost", 1234), 0, true,
+            clusterSocketCreator.createSSLEngine("localhost", 1234, true), 0, true,
             ByteBuffer.allocate(65535), new BufferPool(mock(DMStats.class)));
     clientChannel.configureBlocking(true);
 
@@ -273,7 +273,7 @@ public class SSLSocketIntegrationTest {
 
         socket = serverSocket.accept();
         SocketCreator sc = SocketCreatorFactory.getSocketCreatorForComponent(CLUSTER);
-        final SSLEngine sslEngine = sc.createSSLEngine("localhost", 1234);
+        final SSLEngine sslEngine = sc.createSSLEngine("localhost", 1234, false);
         engine =
             sc.handshakeSSLSocketChannel(socket.getChannel(), sslEngine,
                 timeoutMillis,
diff --git a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SocketCreatorFailHandshake.java b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SocketCreatorFailHandshake.java
index 286ec43..d899baa 100644
--- a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SocketCreatorFailHandshake.java
+++ b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SocketCreatorFailHandshake.java
@@ -20,8 +20,6 @@ import java.util.List;
 
 import javax.net.ssl.SSLException;
 
-import org.apache.geode.internal.admin.SSLConfig;
-
 /*
  * This test class will fail the TLS handshake with an SSLException, by default.
  */
diff --git a/geode-core/src/main/java/org/apache/geode/admin/internal/AdminDistributedSystemImpl.java b/geode-core/src/main/java/org/apache/geode/admin/internal/AdminDistributedSystemImpl.java
index 66ff10f..2c279f9 100755
--- a/geode-core/src/main/java/org/apache/geode/admin/internal/AdminDistributedSystemImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/admin/internal/AdminDistributedSystemImpl.java
@@ -81,7 +81,6 @@ import org.apache.geode.internal.admin.GemFireVM;
 import org.apache.geode.internal.admin.GfManagerAgent;
 import org.apache.geode.internal.admin.GfManagerAgentConfig;
 import org.apache.geode.internal.admin.GfManagerAgentFactory;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.admin.remote.CompactRequest;
 import org.apache.geode.internal.admin.remote.DistributionLocatorId;
 import org.apache.geode.internal.admin.remote.MissingPersistentIDsRequest;
@@ -96,6 +95,7 @@ import org.apache.geode.internal.logging.Banner;
 import org.apache.geode.internal.logging.InternalLogWriter;
 import org.apache.geode.internal.logging.LogWriterFactory;
 import org.apache.geode.internal.logging.log4j.LogMarker;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.util.concurrent.FutureResult;
 import org.apache.geode.logging.internal.LoggingSession;
 import org.apache.geode.logging.internal.NullLoggingSession;
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/LocatorLauncher.java b/geode-core/src/main/java/org/apache/geode/distributed/LocatorLauncher.java
index 21294a22..0cd015e 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/LocatorLauncher.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/LocatorLauncher.java
@@ -67,9 +67,9 @@ import org.apache.geode.distributed.internal.tcpserver.TcpSocketFactory;
 import org.apache.geode.internal.DistributionLocator;
 import org.apache.geode.internal.GemFireVersion;
 import org.apache.geode.internal.InternalDataSerializer;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.inet.LocalHostUtil;
 import org.apache.geode.internal.lang.ObjectUtils;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.process.ConnectionFailedException;
diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/remote/DistributionLocatorId.java b/geode-core/src/main/java/org/apache/geode/internal/admin/remote/DistributionLocatorId.java
index 2ede0a1..3af2017 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/admin/remote/DistributionLocatorId.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/admin/remote/DistributionLocatorId.java
@@ -27,8 +27,8 @@ import org.apache.geode.InternalGemFireException;
 import org.apache.geode.distributed.Locator;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.tcpserver.HostAndPort;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.inet.LocalHostUtil;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SocketCreator;
 
 /**
diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/remote/RemoteTransportConfig.java b/geode-core/src/main/java/org/apache/geode/internal/admin/remote/RemoteTransportConfig.java
index 42aa306..ab43000 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/admin/remote/RemoteTransportConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/admin/remote/RemoteTransportConfig.java
@@ -36,8 +36,8 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.membership.api.MembershipInformation;
 import org.apache.geode.internal.Assert;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.admin.TransportConfig;
+import org.apache.geode.internal.net.SSLConfig;
 
 /**
  * Tranport config for RemoteGfManagerAgent.
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SCClusterSocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SCClusterSocketCreator.java
index 866aa44..1ff585e 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SCClusterSocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SCClusterSocketCreator.java
@@ -26,7 +26,6 @@ import javax.net.ssl.SSLServerSocket;
 
 import org.apache.geode.GemFireConfigException;
 import org.apache.geode.distributed.internal.tcpserver.ClusterSocketCreatorImpl;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.net.SSLParameterExtension;
 
 class SCClusterSocketCreator extends ClusterSocketCreatorImpl {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java b/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfig.java
similarity index 99%
rename from geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
rename to geode-core/src/main/java/org/apache/geode/internal/net/SSLConfig.java
index 6ed5521..80718c5 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfig.java
@@ -12,7 +12,7 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-package org.apache.geode.internal.admin;
+package org.apache.geode.internal.net;
 
 import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_CIPHERS;
 import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_ENABLED;
@@ -28,7 +28,6 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.geode.annotations.Immutable;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
-import org.apache.geode.internal.net.SSLUtil;
 import org.apache.geode.internal.security.CallbackInstantiator;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.net.SSLParameterExtension;
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java b/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java
index 259d578..8a20dfc 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java
@@ -23,7 +23,6 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.geode.annotations.internal.MakeNotStatic;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.DistributionConfigImpl;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 
 public class SSLConfigurationFactory {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SSLUtil.java b/geode-core/src/main/java/org/apache/geode/internal/net/SSLUtil.java
index 0d6598d..5093d86 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SSLUtil.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SSLUtil.java
@@ -30,42 +30,56 @@ import javax.net.ssl.X509TrustManager;
 
 import org.apache.commons.lang3.StringUtils;
 
-import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.annotations.VisibleForTesting;
 
-/**
- *
- * @since GemFire 8.1
- */
 public class SSLUtil {
-  public static SSLContext getSSLContextInstance(SSLConfig sslConfig) {
+  /**
+   * This is a list of the algorithms that are tried, in order, when "any" is specified. Update
+   * this list as new algorithms become available and are supported by Geode. Remove old,
+   * no-longer trusted algorithms.
+   */
+  protected static final String[] DEFAULT_ALGORITMS = {
+      "TLSv1.3",
+      "TLSv1.2"}; // TLSv1.3 is not available in JDK 8 at this time
+
+
+
+  public static SSLContext getSSLContextInstance(SSLConfig sslConfig)
+      throws NoSuchAlgorithmException {
     String[] protocols = sslConfig.getProtocolsAsStringArray();
-    SSLContext sslContext = null;
-    if (protocols != null && protocols.length > 0) {
-      for (String protocol : protocols) {
-        if (!protocol.equals("any")) {
-          try {
-            sslContext = SSLContext.getInstance(protocol);
-            break;
-          } catch (NoSuchAlgorithmException e) {
-            // continue
-          }
+    return findSSLContextForProtocols(protocols, DEFAULT_ALGORITMS);
+  }
+
+  /**
+   * Search for a context supporting one of the given prioritized list of
+   * protocols. The second argument is a list of protocols to try if the
+   * first list contains "any". The second argument should also be in prioritized
+   * order. If there are no matches for any of the protocols in the second
+   * argument we will continue in the first argument list.
+   * with a first argument of A, B, any, C
+   * and a second argument of D, E
+   * the search order would be A, B, D, E, C
+   */
+  @VisibleForTesting
+  protected static SSLContext findSSLContextForProtocols(final String[] protocols,
+      final String[] protocolsForAny)
+      throws NoSuchAlgorithmException {
+    for (String protocol : protocols) {
+      if (protocol.equalsIgnoreCase("any")) {
+        try {
+          return findSSLContextForProtocols(protocolsForAny, new String[0]);
+        } catch (NoSuchAlgorithmException e) {
+          // none of the default algorithms is available - continue to see if there
+          // are any others in the requested list
         }
       }
-    }
-    if (sslContext != null) {
-      return sslContext;
-    }
-    // lookup known algorithms
-    String[] knownAlgorithms = {"SSL", "SSLv2", "SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2"};
-    for (String algo : knownAlgorithms) {
       try {
-        sslContext = SSLContext.getInstance(algo);
-        break;
+        return SSLContext.getInstance(protocol);
       } catch (NoSuchAlgorithmException e) {
         // continue
       }
     }
-    return sslContext;
+    throw new NoSuchAlgorithmException();
   }
 
   /** Read an array of values from a string, whitespace or comma separated. */
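Review bot: `findSSLContextForProtocols` iterates `protocols` without the null and empty guard the removed code had, so a null array from `sslConfig.getProtocolsAsStringArray()` would now raise a NullPointerException. The `protocols != null` test in SocketCreator suggests null is possible, though SSLConfig is not visible here; either reject it explicitly or treat it like "any". An empty or entirely unsupported list ends in a bare `throw new NoSuchAlgorithmException();`, which gives an operator nothing to diagnose a TLS misconfiguration with; I would write `throw new NoSuchAlgorithmException("no SSLContext available for protocols: " + String.join(",", protocols));`. The constant `DEFAULT_ALGORITMS` is misspelled (`DEFAULT_ALGORITHMS`), and its comment should say that the entries are protocol names passed to `SSLContext.getInstance`.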
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index 7981d3c..77e289c 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
@@ -78,7 +78,6 @@ import org.apache.geode.distributed.internal.tcpserver.AdvancedSocketCreatorImpl
 import org.apache.geode.distributed.internal.tcpserver.HostAndPort;
 import org.apache.geode.distributed.internal.tcpserver.TcpSocketCreatorImpl;
 import org.apache.geode.internal.ClassPathLoader;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.cache.wan.TransportFilterServerSocket;
 import org.apache.geode.internal.cache.wan.TransportFilterSocketFactory;
 import org.apache.geode.internal.inet.LocalHostUtil;
@@ -196,6 +195,12 @@ public class SocketCreator extends TcpSocketCreatorImpl {
     initialize();
   }
 
+  @VisibleForTesting
+  SocketCreator(final SSLConfig sslConfig, SSLContext sslContext) {
+    this.sslConfig = sslConfig;
+    this.sslContext = sslContext;
+  }
+
   /** returns the hostname or address for this client */
   public static String getClientHostName() throws UnknownHostException {
     InetAddress hostAddr = LocalHostUtil.getLocalHost();
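Review bot: The new package-private constructor has no comment, and unlike the constructor that ends just above it in this hunk it does not call `initialize()`, so an instance built this way carries only the injected `sslConfig` and `sslContext`. I would add a Javadoc line such as `/** Test-only: uses the supplied SSLContext as-is and skips initialize(). */` so that it is not reused from production code, where the skipped setup may matter. The first parameter is declared `final` and the second is not; make them consistent.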
@@ -544,16 +549,48 @@ public class SocketCreator extends TcpSocketCreatorImpl {
   /**
    * Returns an SSLEngine that can be used to perform TLS handshakes and communication
    */
-  public SSLEngine createSSLEngine(String hostName, int port) {
+  public SSLEngine createSSLEngine(String hostName, int port, boolean clientSocket) {
     SSLEngine engine = getSslContext().createSSLEngine(hostName, port);
+    configureSSLEngine(engine, hostName, port, clientSocket);
+    return engine;
+  }
+
+  @VisibleForTesting
+  void configureSSLEngine(SSLEngine engine, String hostName, int port, boolean clientSocket) {
+    SSLParameters parameters = engine.getSSLParameters();
+    boolean updateEngineWithParameters = false;
     if (sslConfig.doEndpointIdentification()) {
       // set server-names so that endpoint identification algorithms can find what's expected
-      SSLParameters parameters = engine.getSSLParameters();
       if (setServerNames(parameters, new HostAndPort(hostName, port))) {
-        engine.setSSLParameters(parameters);
+        updateEngineWithParameters = true;
       }
     }
-    return engine;
+
+    engine.setUseClientMode(clientSocket);
+    if (!clientSocket) {
+      engine.setNeedClientAuth(sslConfig.isRequireAuth());
+    }
+
+    if (clientSocket) {
+      if (checkAndEnableHostnameValidation(parameters)) {
+        updateEngineWithParameters = true;
+      }
+    }
+
+    String[] protocols = this.sslConfig.getProtocolsAsStringArray();
+
+    if (protocols != null && !"any".equalsIgnoreCase(protocols[0])) {
+      engine.setEnabledProtocols(protocols);
+    }
+
+    String[] ciphers = this.sslConfig.getCiphersAsStringArray();
+    if (ciphers != null && !"any".equalsIgnoreCase(ciphers[0])) {
+      engine.setEnabledCipherSuites(ciphers);
+    }
+
+    if (updateEngineWithParameters) {
+      engine.setSSLParameters(parameters);
+    }
   }
 
   /**
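Review bot: In `configureSSLEngine` the `SSLParameters` object is read from the engine before `setNeedClientAuth`, `setEnabledProtocols` and `setEnabledCipherSuites` are called, and it is written back afterwards whenever `updateEngineWithParameters` is true. Under the `SSLEngine.setSSLParameters` contract the snapshot's protocols, cipher suites and client-auth flags are re-applied, so with endpoint identification enabled the final call would appear to restore the JDK defaults and clear need-client-auth, undoing the restrictions this commit adds. Setting the values on the snapshot avoids the ordering problem: `parameters.setProtocols(protocols);`, `parameters.setCipherSuites(ciphers);` and `parameters.setNeedClientAuth(sslConfig.isRequireAuth());`, each followed by `updateEngineWithParameters = true;`. Separately, `protocols[0]` and `ciphers[0]` are indexed after only a null check, so an empty array would throw; add `protocols.length > 0` and `ciphers.length > 0` to the conditions. A test that asserts `engine.getEnabledCipherSuites()` and `engine.getNeedClientAuth()` on a real engine with endpoint identification on would pin the behaviour.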
@@ -575,15 +612,6 @@ public class SocketCreator extends TcpSocketCreatorImpl {
       ByteBuffer peerNetBuffer,
       BufferPool bufferPool)
       throws IOException {
-    engine.setUseClientMode(clientSocket);
-    if (!clientSocket) {
-      engine.setNeedClientAuth(sslConfig.isRequireAuth());
-    }
-
-    if (clientSocket) {
-      SSLParameters modifiedParams = checkAndEnableHostnameValidation(engine.getSSLParameters());
-      engine.setSSLParameters(modifiedParams);
-    }
     while (!socketChannel.finishConnect()) {
       try {
         Thread.sleep(50);
@@ -627,18 +655,21 @@ public class SocketCreator extends TcpSocketCreatorImpl {
     return nioSslEngine;
   }
 
-  private SSLParameters checkAndEnableHostnameValidation(SSLParameters sslParameters) {
+  /**
+   * @return true if the parameters have been modified by this method
+   */
+  private boolean checkAndEnableHostnameValidation(SSLParameters sslParameters) {
     if (sslConfig.doEndpointIdentification()) {
       sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
-    } else {
-      if (!hostnameValidationDisabledLogShown) {
-        logger.info("Your SSL configuration disables hostname validation. "
-            + "ssl-endpoint-identification-enabled should be set to true when SSL is enabled. "
-            + "Please refer to the Apache GEODE SSL Documentation for SSL Property: ssl‑endpoint‑identification‑enabled");
-        hostnameValidationDisabledLogShown = true;
-      }
+      return true;
+    }
+    if (!hostnameValidationDisabledLogShown) {
+      logger.info("Your SSL configuration disables hostname validation. "
+          + "ssl-endpoint-identification-enabled should be set to true when SSL is enabled. "
+          + "Please refer to the Apache GEODE SSL Documentation for SSL Property: ssl‑endpoint‑identification‑enabled");
+      hostnameValidationDisabledLogShown = true;
     }
-    return sslParameters;
+    return false;
   }
 
   /**
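Review bot: The property name at the end of the log message in `checkAndEnableHostnameValidation` is written with non-breaking hyphens (`ssl‑endpoint‑identification‑enabled`) while the same name earlier in the message uses ASCII hyphens. An operator who copies it from the log into a properties file may end up with a key that is not recognised, so use `ssl-endpoint-identification-enabled` in both places, unless the characters are an artifact of the mail archive. Because the message reports that peer hostname verification is turned off, `logger.warn` fits better than `logger.info`. The Javadoc should also state that the method mutates the passed `SSLParameters` and logs only the first time validation is found disabled.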
@@ -728,17 +759,24 @@ public class SocketCreator extends TcpSocketCreatorImpl {
       sslSocket.setUseClientMode(true);
       sslSocket.setEnableSessionCreation(true);
 
-      SSLParameters modifiedParams =
-          checkAndEnableHostnameValidation(sslSocket.getSSLParameters());
+      SSLParameters parameters = sslSocket.getSSLParameters();
+      boolean updateSSLParameters =
+          checkAndEnableHostnameValidation(parameters);
 
-      setServerNames(modifiedParams, addr);
+      if (setServerNames(parameters, addr)) {
+        updateSSLParameters = true;
+      } ;
 
       SSLParameterExtension sslParameterExtension = this.sslConfig.getSSLParameterExtension();
       if (sslParameterExtension != null) {
-        modifiedParams =
-            sslParameterExtension.modifySSLClientSocketParameters(modifiedParams);
+        parameters =
+            sslParameterExtension.modifySSLClientSocketParameters(parameters);
+        updateSSLParameters = true;
+      }
+
+      if (updateSSLParameters) {
+        sslSocket.setSSLParameters(parameters);
       }
-      sslSocket.setSSLParameters(modifiedParams);
 
       String[] protocols = this.sslConfig.getProtocolsAsStringArray();
 
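Review bot: The value returned by `sslParameterExtension.modifySSLClientSocketParameters(parameters)` replaces `parameters` after `checkAndEnableHostnameValidation` has run, so the extension has the last word on endpoint identification and nothing here documents or checks that. A comment such as `// extension runs last and may override endpoint identification and SNI set above` would make that trust relationship explicit for whoever writes an extension. As a style point, `} ;` after the `setServerNames` block is a stray empty statement, and the block reads more simply as `updateSSLParameters |= setServerNames(parameters, addr);`. The enclosing method starts and ends outside this hunk.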
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreatorFactory.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreatorFactory.java
index 088bf94..b3f3d36 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreatorFactory.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreatorFactory.java
@@ -23,7 +23,6 @@ import org.apache.commons.lang3.ArrayUtils;
 import org.apache.geode.GemFireConfigException;
 import org.apache.geode.annotations.internal.MakeNotStatic;
 import org.apache.geode.distributed.internal.DistributionConfig;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 
 public class SocketCreatorFactory {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java b/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
index 48bd1b5..b93cbce 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
@@ -1709,7 +1709,7 @@ public class Connection implements Runnable {
       InetSocketAddress address = (InetSocketAddress) channel.getRemoteAddress();
       SSLEngine engine =
           getConduit().getSocketCreator().createSSLEngine(address.getHostString(),
-              address.getPort());
+              address.getPort(), clientSocket);
 
       int packetBufferSize = engine.getSession().getPacketBufferSize();
       if (inputBuffer == null || inputBuffer.capacity() < packetBufferSize) {
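Review bot: The host handed to `createSSLEngine` is `address.getHostString()`, which yields the literal IP text when the remote address carries no hostname, and with `clientSocket` now forwarded this call is presumably where endpoint identification is configured for outbound connections. If so, peers reached by IP need certificates with matching IP subject alternative names, which is worth stating next to the call, for example `// host is the name checked by TLS endpoint identification when clientSocket is true`. The enclosing method starts and ends outside this hunk, so how `address` was resolved cannot be confirmed from here.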
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ContextAwareSSLRMIClientSocketFactory.java b/geode-core/src/main/java/org/apache/geode/management/internal/ContextAwareSSLRMIClientSocketFactory.java
index 55eeb6a..135f721 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/ContextAwareSSLRMIClientSocketFactory.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/ContextAwareSSLRMIClientSocketFactory.java
@@ -28,7 +28,7 @@ import javax.rmi.ssl.SslRMIClientSocketFactory;
 
 import org.apache.geode.annotations.Immutable;
 import org.apache.geode.distributed.internal.tcpserver.HostAndPort;
-import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.net.SocketCreatorFactory;
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerAdvisee.java b/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerAdvisee.java
index 9eb8ea3..d2b982a 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerAdvisee.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerAdvisee.java
@@ -23,9 +23,9 @@ import org.apache.geode.distributed.internal.DistributionAdvisor.Profile;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.DistributionManager;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.cache.InternalCacheForClientAccess;
 import org.apache.geode.internal.inet.LocalHostUtil;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.management.ManagementService;
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java b/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java
index 5075af7..5d4d773 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java
@@ -24,7 +24,7 @@ import org.apache.geode.distributed.internal.tcpserver.HostAndPort;
 import org.apache.geode.distributed.internal.tcpserver.TcpClient;
 import org.apache.geode.distributed.internal.tcpserver.TcpSocketFactory;
 import org.apache.geode.internal.InternalDataSerializer;
-import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
index fc7ad22..6d721ab 100755
--- a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
@@ -55,9 +55,9 @@ import org.apache.geode.GemFireConfigException;
 import org.apache.geode.cache.internal.HttpService;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.internal.GemFireVersion;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.internal.inet.LocalHostUtil;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.net.SocketCreatorFactory;
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java b/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java
index 53c7318..5bc770c 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java
@@ -38,8 +38,8 @@ import org.apache.geode.distributed.internal.tcpserver.HostAndPort;
 import org.apache.geode.distributed.internal.tcpserver.TcpClient;
 import org.apache.geode.distributed.internal.tcpserver.TcpSocketFactory;
 import org.apache.geode.internal.InternalDataSerializer;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.cache.GemFireCacheImpl;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.net.SSLUtil;
 import org.apache.geode.internal.net.SocketCreatorFactory;
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/handlers/ClusterManagementServiceInfoRequestHandler.java b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/handlers/ClusterManagementServiceInfoRequestHandler.java
index 42590b3..cf77567 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/handlers/ClusterManagementServiceInfoRequestHandler.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/handlers/ClusterManagementServiceInfoRequestHandler.java
@@ -23,7 +23,7 @@ import org.apache.geode.distributed.internal.DistributionConfigImpl;
 import org.apache.geode.distributed.internal.InternalLocator;
 import org.apache.geode.distributed.internal.tcpserver.TcpHandler;
 import org.apache.geode.distributed.internal.tcpserver.TcpServer;
-import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.management.internal.configuration.messages.ClusterManagementServiceInfo;
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/functions/GetMemberInformationFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/functions/GetMemberInformationFunction.java
index 62ee93e..31f0a2a 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/functions/GetMemberInformationFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/functions/GetMemberInformationFunction.java
@@ -35,12 +35,12 @@ import org.apache.geode.distributed.ServerLauncher;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
 import org.apache.geode.distributed.internal.InternalLocator;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.cache.CacheClientStatus;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.internal.cache.execute.InternalFunction;
 import org.apache.geode.internal.cache.tier.InternalClientMembership;
 import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.management.internal.util.ManagementUtils;
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
index 4c96548..848b962 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
@@ -48,7 +48,6 @@ import org.junit.experimental.categories.Category;
 import org.apache.geode.GemFireConfigException;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.DistributionConfigImpl;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.test.junit.categories.MembershipTest;
 
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SSLUtilTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SSLUtilTest.java
new file mode 100644
index 0000000..524c4fb
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SSLUtilTest.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.internal.net;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+
+import org.junit.Test;
+
+public class SSLUtilTest {
+
+  @Test(expected = NoSuchAlgorithmException.class)
+  public void failWhenNothingIsRequested() throws Exception {
+    SSLConfig sslConfig = mock(SSLConfig.class);
+    when(sslConfig.getProtocolsAsStringArray())
+        .thenReturn(new String[0]);
+    SSLUtil.getSSLContextInstance(sslConfig);
+  }
+
+  @Test(expected = NoSuchAlgorithmException.class)
+  public void failWithAnUnknownProtocol() throws Exception {
+    SSLConfig sslConfig = mock(SSLConfig.class);
+    when(sslConfig.getProtocolsAsStringArray())
+        .thenReturn(new String[] {"boulevard of broken dreams"});
+    SSLUtil.getSSLContextInstance(sslConfig);
+  }
+
+  @Test
+  public void getASpecificProtocol() throws Exception {
+    SSLConfig sslConfig = mock(SSLConfig.class);
+    when(sslConfig.getProtocolsAsStringArray()).thenReturn(new String[] {"TLSv1.2"});
+    final SSLContext sslContextInstance = SSLUtil.getSSLContextInstance(sslConfig);
+    assertThat(sslContextInstance.getProtocol().equalsIgnoreCase("TLSv1.2")).isTrue();
+  }
+
+  @Test
+  public void getAnyProtocolWithAnUnknownInTheList() throws Exception {
+    SSLConfig sslConfig = mock(SSLConfig.class);
+    when(sslConfig.getProtocolsAsStringArray())
+        .thenReturn(new String[] {"the dream of the blue turtles", "any", "SSL"});
+    final SSLContext sslContextInstance = SSLUtil.getSSLContextInstance(sslConfig);
+    // make sure that we don't continue past "any" and use the following protocol (SSL)
+    assertThat(sslContextInstance.getProtocol().equalsIgnoreCase("SSL")).isFalse();
+    String selectedProtocol = sslContextInstance.getProtocol();
+    String matchedProtocol = null;
+    for (String algorithm : SSLUtil.DEFAULT_ALGORITMS) {
+      if (algorithm.equalsIgnoreCase(selectedProtocol)) {
+        matchedProtocol = algorithm;
+      }
+    }
+    assertThat(matchedProtocol).isNotNull().withFailMessage("selected protocol ("
+        + selectedProtocol +
+        ") is not in the list of default algorithms, "
+        + "indicating that the \"any\" setting did not work correctly");
+  }
+
+  @Test
+  public void getARealProtocolAfterProcessingAny() throws Exception {
+    final String[] algorithms = {"dream weaver", "any", "TLSv1.1"};
+    final String[] algorithmsForAny = new String[] {"sweet dreams (are made of this)"};
+    final SSLContext sslContextInstance = SSLUtil.findSSLContextForProtocols(algorithms,
+        algorithmsForAny);
+    assertThat(sslContextInstance.getProtocol().equalsIgnoreCase("TLSv1.1")).isTrue();
+  }
+
+}
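Review bot: In `getAnyProtocolWithAnUnknownInTheList` the custom message is attached after the assertion has already been evaluated (`assertThat(matchedProtocol).isNotNull().withFailMessage(...)`), so a failure reports AssertJ's default text and the explanation about the "any" setting is never shown. Put the message before the check: `assertThat(matchedProtocol).withFailMessage(...).isNotNull();`. The protocol comparisons written as `assertThat(ctx.getProtocol().equalsIgnoreCase("TLSv1.2")).isTrue()` would also give a more useful failure as `assertThat(sslContextInstance.getProtocol()).isEqualToIgnoringCase("TLSv1.2");`, since the actual protocol name is then printed.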
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
index 9b8b99a..b15c618 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
@@ -15,22 +15,28 @@
 package org.apache.geode.internal.net;
 
 import static org.apache.geode.test.util.ResourceUtils.createTempFileFromResource;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 import java.net.BindException;
 import java.net.InetAddress;
 import java.net.ServerSocket;
 import java.net.Socket;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSocket;
 
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
+import org.mockito.ArgumentCaptor;
 
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.test.junit.categories.MembershipTest;
 
 @Category({MembershipTest.class})
@@ -98,6 +104,53 @@ public class SocketCreatorJUnitTest {
     }
   }
 
+  @Test
+  public void configureSSLEngine() {
+    SSLConfig config = new SSLConfig.Builder().setCiphers("someCipher").setEnabled(true)
+        .setProtocols("someProtocol").setRequireAuth(true).setKeystore("someKeystore.jks")
+        .setAlias("someAlias").setTruststore("someTruststore.jks")
+        .setEndpointIdentificationEnabled(true).build();
+    SSLContext context = mock(SSLContext.class);
+    SSLParameters parameters = mock(SSLParameters.class);
+
+    SocketCreator socketCreator = new SocketCreator(config, context);
+
+    SSLEngine engine = mock(SSLEngine.class);
+    when(engine.getSSLParameters()).thenReturn(parameters);
+
+    socketCreator.configureSSLEngine(engine, "somehost", 12345, true);
+
+    verify(engine).setUseClientMode(isA(Boolean.class));
+    verify(engine).setSSLParameters(parameters);
+    verify(engine, never()).setNeedClientAuth(isA(Boolean.class));
+
+    ArgumentCaptor<String[]> stringArrayCaptor = ArgumentCaptor.forClass(String[].class);
+    verify(engine).setEnabledProtocols(stringArrayCaptor.capture());
+    assertThat(stringArrayCaptor.getValue()).containsExactly("someProtocol");
+    verify(engine).setEnabledCipherSuites(stringArrayCaptor.capture());
+    assertThat(stringArrayCaptor.getValue()).containsExactly("someCipher");
+  }
+
+  @Test
+  public void configureSSLEngineUsingAny() {
+    SSLConfig config = new SSLConfig.Builder().setCiphers("any").setEnabled(true)
+        .setProtocols("any").setRequireAuth(true).setKeystore("someKeystore.jks")
+        .setAlias("someAlias").setTruststore("someTruststore.jks")
+        .setEndpointIdentificationEnabled(true).build();
+    SSLContext context = mock(SSLContext.class);
+    SSLParameters parameters = mock(SSLParameters.class);
+
+    SocketCreator socketCreator = new SocketCreator(config, context);
+
+    SSLEngine engine = mock(SSLEngine.class);
+    when(engine.getSSLParameters()).thenReturn(parameters);
+
+    socketCreator.configureSSLEngine(engine, "somehost", 12345, true);
+
+    verify(engine, never()).setEnabledCipherSuites(isA(String[].class));
+    verify(engine, never()).setEnabledProtocols(isA(String[].class));
+  }
+
   private String getSingleKeyKeystore() {
     return createTempFileFromResource(getClass(), "/ssl/trusted.keystore").getAbsolutePath();
   }
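Review bot: Both new tests call `configureSSLEngine(..., true)` only, and `verify(engine).setUseClientMode(isA(Boolean.class))` accepts either value, so neither the client-mode flag nor the server-side path that should request client authentication is actually pinned. Tighten the first to `verify(engine).setUseClientMode(true);` and, since the config enables endpoint identification, add `verify(parameters).setEndpointIdentificationAlgorithm("HTTPS");` (the body of `configureSSLEngine` is outside this hunk, so this assumes it goes through `checkAndEnableHostnameValidation`). A third test with `clientSocket` false that verifies `setNeedClientAuth(true)` for `setRequireAuth(true)` would cover the mutual-TLS setting this change moved.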
diff --git a/geode-core/src/test/java/org/apache/geode/internal/tcp/TCPConduitTest.java b/geode-core/src/test/java/org/apache/geode/internal/tcp/TCPConduitTest.java
index edd081d..0c30ce2 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/tcp/TCPConduitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/tcp/TCPConduitTest.java
@@ -45,8 +45,8 @@ import org.apache.geode.distributed.internal.DistributionManager;
 import org.apache.geode.distributed.internal.direct.DirectChannel;
 import org.apache.geode.distributed.internal.membership.InternalDistributedMember;
 import org.apache.geode.distributed.internal.membership.api.Membership;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.inet.LocalHostUtil;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SocketCreator;
 
 public class TCPConduitTest {
diff --git a/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java b/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
index 48b601c..4816fbf 100644
--- a/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
+++ b/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
@@ -35,7 +35,7 @@ import org.springframework.shell.core.annotation.CliCommand;
 import org.springframework.shell.core.annotation.CliOption;
 
 import org.apache.geode.annotations.Immutable;
-import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.net.SSLUtil;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
diff --git a/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java b/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
index 67aed7a..2433387 100644
--- a/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
+++ b/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
@@ -51,7 +51,7 @@ import com.healthmarketscience.rmiio.RemoteOutputStreamClient;
 import org.apache.commons.io.IOUtils;
 import org.apache.logging.log4j.Logger;
 
-import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.logging.internal.log4j.api.LogService;
diff --git a/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java b/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java
index d37d645..7cb27a2 100644
--- a/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java
+++ b/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java
@@ -41,7 +41,7 @@ import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.internal.HttpService;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
-import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.net.SSLUtil;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
diff --git a/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheConnectionIntegrationTest.java b/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheConnectionIntegrationTest.java
index 5917829..75ece12 100644
--- a/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheConnectionIntegrationTest.java
+++ b/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheConnectionIntegrationTest.java
@@ -62,9 +62,9 @@ import org.apache.geode.distributed.ConfigurationProperties;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
 import org.apache.geode.distributed.internal.tcpserver.HostAndPort;
 import org.apache.geode.internal.AvailablePortHelper;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.cache.InternalCacheServer;
 import org.apache.geode.internal.cache.tier.Acceptor;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.net.SocketCreatorFactory;
 import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics;
diff --git a/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheOperationsJUnitTest.java b/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheOperationsJUnitTest.java
index f4d2e70..0a12f05 100644
--- a/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheOperationsJUnitTest.java
+++ b/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheOperationsJUnitTest.java
@@ -55,7 +55,7 @@ import org.apache.geode.cache.server.CacheServer;
 import org.apache.geode.distributed.ConfigurationProperties;
 import org.apache.geode.distributed.internal.tcpserver.HostAndPort;
 import org.apache.geode.internal.AvailablePortHelper;
-import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.net.SocketCreatorFactory;
 import org.apache.geode.internal.protocol.protobuf.v1.BasicTypes;
diff --git a/geode-pulse/geode-pulse-test/src/main/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java b/geode-pulse/geode-pulse-test/src/main/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java
index 0e70235..db3b181 100644
--- a/geode-pulse/geode-pulse-test/src/main/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java
+++ b/geode-pulse/geode-pulse-test/src/main/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java
@@ -26,8 +26,8 @@ import java.util.Properties;
 import org.junit.rules.ExternalResource;
 
 import org.apache.geode.internal.AvailablePort;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.cache.InternalHttpService;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.tools.pulse.internal.data.PulseConstants;
 import org.apache.geode.tools.pulse.tests.Server;
 
diff --git a/geode-redis/src/integrationTest/java/org/apache/geode/redis/SSLTest.java b/geode-redis/src/integrationTest/java/org/apache/geode/redis/SSLTest.java
index 13fa4f0..4df2e6b 100644
--- a/geode-redis/src/integrationTest/java/org/apache/geode/redis/SSLTest.java
+++ b/geode-redis/src/integrationTest/java/org/apache/geode/redis/SSLTest.java
@@ -26,7 +26,7 @@ import org.junit.experimental.categories.Category;
 import redis.clients.jedis.Jedis;
 
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
-import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.net.SSLConfig;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.test.junit.categories.RedisTest;