Stop using a specific, hardcoded SSL Context.

Description

Openfire (in EncryptionFactory, potentially other places) uses a SSLContext that's TLSv1, hardcoded. This was probably a good, strong choice at the time it was written, but it's starting to become a mediocre choice now.

Openfire should not hardcode the setting - the default setting should be increased.

Interestingly, Java allows you to use a version named 'default' - which probably is going to be something that's deemed appropriate in a particular version of Java.

Openfire should allow the context version to be updated, and should probably use 'default' if no explicit configuration is given.

Environment

None

Activity

Show:

Daryl Herzmann

August 2, 2019, 7:53 PM

Copy link to comment

Testing commit on Ignite and then will backport to 4.4 if OK.

Daryl Herzmann

August 2, 2019, 8:10 PM

Copy link to comment

picked onto 4.4 branch

Fixed

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

TLS

Fix versions

4.4.1

Priority

Major

Configure