[ https://issues.apache.org/jira/browse/CASSANDRA-11164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15159131#comment-15159131 ]
Stefan Podkowinski commented on CASSANDRA-11164: ------------------------------------------------ Scope of this ticket as reported would be: - respect ordering of enabled ciphers - apply cipher filtering wherever SSL is used I've now created two patches for that: - {{11164-2.2_1_preserve_cipher_order.patch}} - cherry picked {{filterCipherSuites}} implementation and unit test from CASSANDRA-10508 with some of your suggested changes - {{11164-2.2_2_call_filterCipherSuites_everywhere.patch}} - this is {{11164-2.2.txt}} from Tom minus the {{filterCipherSuites}} implementation ||2.2|| |[Branch|https://github.com/spodkowinski/cassandra/commits/CASSANDRA-11164]| |[testall|http://cassci.datastax.com/view/Dev/view/spodkowinski/job/spodkowinski-CASSANDRA-11164-testall/]| |[dtest|http://cassci.datastax.com/view/Dev/view/spodkowinski/job/spodkowinski-CASSANDRA-11164-dtest/]| > Order and filter cipher suites correctly > ---------------------------------------- > > Key: CASSANDRA-11164 > URL: https://issues.apache.org/jira/browse/CASSANDRA-11164 > Project: Cassandra > Issue Type: Bug > Reporter: Tom Petracca > Assignee: Stefan Podkowinski > Priority: Minor > Fix For: 2.2.x > > Attachments: 11164-2.2.txt, 11164-on-10508-2.2.patch > > > As pointed out in https://issues.apache.org/jira/browse/CASSANDRA-10508, > SSLFactory.filterCipherSuites() doesn't respect the ordering of desired > ciphers in cassandra.yaml. > Also the fix that occurred for > https://issues.apache.org/jira/browse/CASSANDRA-3278 is incomplete and needs > to be applied to all locations where we create an SSLSocket so that JCE is > not required out of the box or with additional configuration. -- This message was sent by Atlassian JIRA (v6.3.4#6332)