You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Robbie Gemmell (JIRA)" <ji...@apache.org> on 2017/08/31 11:22:02 UTC
[jira] [Resolved] (PROTON-1565) dont throw if the anonymous ciphers
are not supported
[ https://issues.apache.org/jira/browse/PROTON-1565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robbie Gemmell resolved PROTON-1565.
------------------------------------
Resolution: Fixed
> dont throw if the anonymous ciphers are not supported
> -----------------------------------------------------
>
> Key: PROTON-1565
> URL: https://issues.apache.org/jira/browse/PROTON-1565
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-j
> Affects Versions: proton-j-0.20.0
> Reporter: Robbie Gemmell
> Assignee: Robbie Gemmell
> Fix For: proton-j-0.21.0
>
>
> When the 'anonymous peer' ssl verify mode is used the transport ssl wrapper tries to additionally enable the anonymous ciphers and throws if it fails to enable any of them. The JVM has config to control which ciphers are supported, and if they aren't supported, they obviously can't be enabled; some environments disable support for them by default, and others may explicitly choose to. In that scenario the transport ssl layer fails to operate even where an anonymous cipher wasn't ultimately going to be used (that exact scenario observed in a test failure on Fedora26 with its packaged OpenJDK8).
> As this situation isn't really much different than other scenarios a client and server might fail to agree on a cipher and fail, it doesn't seem that it need be special cased. Removing the throw would allow scenarios which could succeed to continue on and do so, while those that would fail doing so.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org