[
https://issues.apache.org/jira/browse/DERBY-2108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467400
]
Bryan Pendleton commented on DERBY-2108:
----------------------------------------
Thanks for the writeup, Bernt! It was very clear.
Is it possible to require less configuration on the client side? Some ideas
that occurred to me included:
- don't require ssl=on; infer this from the JDK SSL parameters being set
- when connecting, always first attempt an SSL connection; if that fails, fall
back to a clear connection
I don't think it's a problem to require configuration tasks on the server side,
but it would be nice if the client had fewer knobs and settings, for two
reasons:
- in general, there are many more clients than there are servers (1 server,
many clients)
- clients may be deployed to environments where there is less availability of
system administration resources
In the past I've noticed that it is quite hard to get SSL configuration
correct. Web browsers seem to have achieved reasonable success partly because
the *only* thing they require, for many situations, is changing "http" to
"https". It would be nice if we could come up with something that was
equivalently trivial for the client to perform.
> Implement SSL/TLS communication between client and server
> ---------------------------------------------------------
>
> Key: DERBY-2108
> URL: https://issues.apache.org/jira/browse/DERBY-2108
> Project: Derby
> Issue Type: New Feature
> Components: Network Client, Network Server
> Reporter: Bernt M. Johnsen
> Assigned To: Bernt M. Johnsen
> Fix For: 10.3.0.0
>
> Attachments: DERBY-2108-first-cut.diff, DERBY-2108-first-cut.stat,
> DERBY-2108-second-cut.diff, DERBY-2108-second-cut.stat,
> DERBY-2108-third-cut.diff, DERBY-2108-third-cut.stat, SSLFuncSpect.txt
>
>
> Implement SSL/TLS communication between client and server
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
