Stop using a specific, hardcoded SSL Context.

Description

Openfire (in EncryptionFactory, potentially other places) uses an SSLContext that's TLSv1, hardcoded. This was probably a good, strong choice at the time it was written, but it's starting to become a mediocre choice now.

Openfire should not hardcode the setting - the default setting should be increased.

Interestingly, Java allows you to use a version named 'default' - which probably is going to be something that's deemed appropriate in a particular version of Java.

Openfire should allow the context version to be updated, and should probably use 'default' if no explicit configuration is given.
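
The following is an added example, not part of the original issue and not Openfire's code. It contrasts an `SSLContext` created with a hardcoded `TLSv1` name against one chosen from configuration with a fallback to the JRE default, and prints the protocol versions each context supports and enables. The class name and the `example.tls.contextProtocol` property are hypothetical, chosen for this illustration only.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

public class SslContextProtocolDemo {

    // Hypothetical property name, chosen for this example only.
    static final String PROTOCOL_PROPERTY = "example.tls.contextProtocol";

    /** Builds a context for the configured protocol name; falls back to the JRE default. */
    static SSLContext contextFor(String configured) throws Exception {
        String name = configured == null ? "" : configured.trim();
        // The default context is already initialized by the JRE, so it is fetched
        // with getDefault() rather than getInstance() followed by init().
        if (name.isEmpty() || name.equalsIgnoreCase("Default")) {
            return SSLContext.getDefault();
        }
        SSLContext ctx = SSLContext.getInstance(name);
        // Nulls select the installed default key managers, trust managers and RNG.
        // A server would pass its own key and trust managers here.
        ctx.init(null, null, null);
        return ctx;
    }

    /** Summarizes which protocol versions a context can use and which it turns on. */
    static String describe(String label, SSLContext ctx) {
        return label + " [" + ctx.getProtocol() + "]"
            + "\n  supported: " + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols())
            + "\n  enabled:   " + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols());
    }

    public static void main(String[] args) throws Exception {
        try {
            // The "before" case from the issue: the protocol name is fixed in code.
            System.out.println(describe("hardcoded", contextFor("TLSv1")));
        } catch (NoSuchAlgorithmException e) {
            System.out.println("hardcoded: this JRE has no TLSv1 context: " + e.getMessage());
        }
        // The requested behaviour: explicit configuration wins, otherwise the JRE default.
        String configured = System.getProperty(PROTOCOL_PROPERTY);
        System.out.println(describe("configured", contextFor(configured)));
    }
}
```

Running it with `-Dexample.tls.contextProtocol=TLSv1.2` and again with no property set shows how the enabled protocol list follows the configuration or the JRE in use instead of a value fixed at compile time.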

Environment

None

Acceptance Test - Entry

None

Activity

Daryl Herzmann
August 2, 2019, 7:53 PM

Testing commit on Ignite and then will backport to 4.4 if OK.

Daryl Herzmann
August 2, 2019, 8:10 PM

picked onto 4.4 branch

Fixed

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Priority

Major