Posted to dev@knox.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2023/01/24 09:08:00 UTC

[jira] [Work logged] (KNOX-2864) Make TLS protocol and cipher suites configurable with CM service discovery

     [ https://issues.apache.org/jira/browse/KNOX-2864?focusedWorklogId=841323&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-841323 ]

ASF GitHub Bot logged work on KNOX-2864:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 24/Jan/23 09:07
            Start Date: 24/Jan/23 09:07
    Worklog Time Spent: 10m 
      Work Description: smolnar82 opened a new pull request, #717:
URL: https://github.com/apache/knox/pull/717

   ## What changes were proposed in this pull request?
   
   There are 2 changes in this PR:
   - TLS cipher suites and protocols are now customizable in CM service discovery:
     - end-users can define the TLS protocol(s) and cipher suite(s) to use while creating a secure connection to a CM instance
     - if none is defined, Knox will pick up the relevant supported values from Java's own `java.security` through the acquired SSL context.
   - Added a new method to indicate the TLS protocols to be included when creating SSL context in the embedded Jetty server. Prior to this change, end-users could only tell what to exclude.
   
   ## How was this patch tested?
   
   Unit testing and running service discovery in a secure cluster with updated SSL configs.




Issue Time Tracking
-------------------

            Worklog Id:     (was: 841323)
    Remaining Estimate: 0h
            Time Spent: 10m

> Make TLS protocol and cipher suites configurable with CM service discovery
> --------------------------------------------------------------------------
>
>                 Key: KNOX-2864
>                 URL: https://issues.apache.org/jira/browse/KNOX-2864
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: cm-discovery, Server
>    Affects Versions: 2.0.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 2.1.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The goal of this Jira is to guarantee:
>  * Knox picks up defaults in Java's {{java.security}} file in terms of disabled algorithms as well as TLS protocols and cipher suites
>  * Also, we want these attributes to be configurable in the [DiscoveryApiClient|https://github.com/apache/knox/blob/master/gateway-discovery-cm/src/main/java/org/apache/knox/gateway/topology/discovery/cm/DiscoveryApiClient.java] class using the already existing gateway-level config.



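The fallback described in the pull request (use the configured TLS protocols and cipher suites, otherwise take what the SSL context reports) can be sketched as follows. This is an added example, not code from Knox or from the pull request; the class name `TlsSelectionExample`, the `select` helper and the sample configuration values are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class TlsSelectionExample {

  /** Configured values the JVM supports, or the context defaults if nothing is configured. */
  static String[] select(String what, List<String> configured, String[] defaults, String[] supported) {
    if (configured == null || configured.isEmpty()) {
      return defaults; // nothing configured: use what the SSL context enables by default
    }
    Set<String> known = new HashSet<>(Arrays.asList(supported));
    List<String> usable = new ArrayList<>();
    for (String value : configured) {
      if (known.contains(value)) {
        usable.add(value);
      } else {
        System.err.println("Ignoring unsupported " + what + ": " + value);
      }
    }
    if (usable.isEmpty()) {
      // Fail closed rather than silently falling back to a wider default set.
      throw new IllegalArgumentException("No usable " + what + " in " + configured);
    }
    return usable.toArray(new String[0]);
  }

  public static void main(String[] args) throws Exception {
    SSLContext context = SSLContext.getDefault();
    SSLParameters defaults = context.getDefaultSSLParameters();
    SSLParameters supported = context.getSupportedSSLParameters();

    // Constructed sample configuration; an empty list means "not configured".
    List<String> protocols = Arrays.asList("TLSv1.3", "TLSv1.2", "SSLv2");
    List<String> ciphers = new ArrayList<>();

    SSLParameters effective = context.getDefaultSSLParameters();
    effective.setProtocols(select("protocol", protocols, defaults.getProtocols(), supported.getProtocols()));
    effective.setCipherSuites(select("cipher suite", ciphers, defaults.getCipherSuites(), supported.getCipherSuites()));

    System.out.println("Protocols:     " + Arrays.toString(effective.getProtocols()));
    System.out.println("Cipher suites: " + effective.getCipherSuites().length + " enabled");
  }
}
```

Rejecting a configuration in which no value is usable keeps a typo in the include list from quietly widening the connection to the full default set.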