You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by je...@apache.org on 2016/03/21 21:40:04 UTC
[33/54] [abbrv] incubator-geode git commit: GEODE-620 Geode SSL
configuration is out of date
GEODE-620 Geode SSL configuration is out of date
In reviewing uses of SSL I found that SocketCreator did not have support for
TLSv1.2 and that one of the test classes had a reference to an RC4-based
cipher suite.
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/442718f4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/442718f4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/442718f4
Branch: refs/heads/feature/GEODE-17-2
Commit: 442718f45f49add3c4b1e4d47049174f038663b3
Parents: d8f28d2
Author: Bruce Schuchardt <bs...@pivotal.io>
Authored: Wed Mar 16 15:57:55 2016 -0700
Committer: Bruce Schuchardt <bs...@pivotal.io>
Committed: Wed Mar 16 16:01:17 2016 -0700
----------------------------------------------------------------------
.../src/main/java/com/gemstone/gemfire/internal/SocketCreator.java | 2 +-
geode-core/src/test/java/security/SSLCredentialGenerator.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/442718f4/geode-core/src/main/java/com/gemstone/gemfire/internal/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/SocketCreator.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/SocketCreator.java
index 5bfa7bd..458f41a 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/SocketCreator.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/SocketCreator.java
@@ -571,7 +571,7 @@ public class SocketCreator {
return c;
}
// lookup known algorithms
- String[] knownAlgorithms = {"SSL", "SSLv2", "SSLv3", "TLS", "TLSv1", "TLSv1.1"};
+ String[] knownAlgorithms = {"SSL", "SSLv2", "SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2"};
for (String algo : knownAlgorithms) {
try {
c = SSLContext.getInstance(algo);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/442718f4/geode-core/src/test/java/security/SSLCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/security/SSLCredentialGenerator.java b/geode-core/src/test/java/security/SSLCredentialGenerator.java
index e547630..d05e963 100755
--- a/geode-core/src/test/java/security/SSLCredentialGenerator.java
+++ b/geode-core/src/test/java/security/SSLCredentialGenerator.java
@@ -76,7 +76,7 @@ public class SSLCredentialGenerator extends CredentialGenerator {
Properties props = new Properties();
props.setProperty("ssl-enabled", "true");
props.setProperty("ssl-require-authentication", "true");
- props.setProperty("ssl-ciphers", "SSL_RSA_WITH_RC4_128_MD5");
+ props.setProperty("ssl-ciphers", "SSL_RSA_WITH_3DES_EDE_CBC_SHA");
props.setProperty("ssl-protocols", "TLSv1");
return props;
}