>The current SSL implementation is also susceptible to man-in-the-middle as
>well. This proposal is really independent of those proposed changes.

This proposal is independent of the proposed changes to use default
context.
In both cases, the risk is similar if keys are compromised.
But in the proposed case there is a risk if DNS is compromised.
Also in the legacy case, we can at least recommend users to bring in trust
store with only specific keys/CAs.

> Are you proposing that we ship a custom trust manager that verifies hosts
> on all TLS connections?

SSLParameters has a property 'setEndpointIdentificationAlgorithm'[1]
that can be set, and it enables hostname verification during an SSLSocket
handshake.

[1]
https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#setEndpointIdentificationAlgorithm-java.lang.String-

Sai
On Tue, Aug 14, 2018 at 8:59 AM Jacob Barrett <jbarr...@pivotal.io> wrote:

> On Tue, Aug 14, 2018 at 7:47 AM Sai Boorlagadda <sai_boorlaga...@apache.org> wrote:
>
> > Geode currently does not implement hostname verification and is probably
> > not required per TLS spec. But it can be supported on TLS as an
> additional
> > check. The new proposed[1] implementation to use the default SSL context
> > could cause certain man-in-the-middle attacks possible if there is no
> > hostname verification.
>
>
> The current SSL implementation is also susceptible to man-in-the-middle as
> well. This proposal is really independent of those proposed changes.
>
>
> > This is a proposal to add a new boolean SSL property
> > `ssl-enable-endpoint-identification` which enables hostname verification
> > for secure connections.
>
>
> Are you proposing that we ship a custom trust manager that verifies hosts
> on all TLS connections? I would rather shy away from yet another confusing
> SSL property. Is there a proposed way for consumers to provide their own
> trust manager and host verification process? If so, I assume that is yet
> another property, can we merge those properties somehow?
>
> At this point with all these system properties can we come up with a
> better way to configure SSL?
>
> -Jake
>
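
The SSLParameters mechanism Sai points to in [1], as an added example that is not code from this thread or from Geode: it shows a client enabling hostname verification on a blocking SSLSocket and on a non-blocking SSLEngine by setting the endpoint identification algorithm to "HTTPS", the JSSE standard name for RFC 2818 style matching of the peer certificate against the host name. The `enableEndpointIdentification` flag and the class and method names are assumptions standing in for the proposed `ssl-enable-endpoint-identification` property.

```java
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Added example (not from the thread or from Geode): enabling hostname
 * (endpoint) verification in JSSE. The boolean flag is an assumption that
 * stands in for the proposed ssl-enable-endpoint-identification property.
 */
public class EndpointIdentificationExample {

    /** JSSE standard name for RFC 2818 style host name matching. */
    static final String HTTPS_ENDPOINT_ALGORITHM = "HTTPS";

    /**
     * Opens a TLS client socket to host:port using the default SSLContext.
     * With enableEndpointIdentification=true the handshake fails unless the
     * peer certificate's SubjectAltName (or CN fallback) matches host; with
     * false, any certificate chaining to a trusted CA is accepted regardless
     * of the name it was issued for.
     */
    public static SSLSocket connect(String host, int port, boolean enableEndpointIdentification)
            throws IOException, NoSuchAlgorithmException {
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        // Create the socket from the host *name*: JSSE matches the certificate
        // against the name the socket was created with, so a socket built from
        // an InetAddress or an IP literal is only checked against an IP SAN.
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        if (enableEndpointIdentification) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm(HTTPS_ENDPOINT_ALGORITHM);
            socket.setSSLParameters(params);
        }
        socket.startHandshake(); // throws SSLHandshakeException on a name mismatch
        return socket;
    }

    /**
     * The same setting on the non-blocking SSLEngine path; the peer host
     * passed to createSSLEngine is what gets matched against the certificate.
     */
    public static SSLEngine clientEngine(SSLContext ctx, String host, int port,
            boolean enableEndpointIdentification) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        if (enableEndpointIdentification) {
            SSLParameters params = engine.getSSLParameters();
            params.setEndpointIdentificationAlgorithm(HTTPS_ENDPOINT_ALGORITHM);
            engine.setSSLParameters(params);
        }
        return engine;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        try (SSLSocket s = connect(host, port, true)) {
            System.out.println("handshake ok, peer verified as " + host + ": "
                    + s.getSession().getPeerPrincipal());
        } catch (SSLHandshakeException e) {
            // A certificate that chains to a trusted CA but was issued for a
            // different name is rejected here; without endpoint identification
            // it would have been accepted, which is the man-in-the-middle case
            // discussed in the thread.
            System.out.println("handshake rejected: " + e.getMessage());
        }
    }
}
```

Both paths only set a parameter on the existing default context, so no custom trust manager is involved; the trust store still decides which CAs are accepted, and endpoint identification adds the check that the accepted certificate was issued for the host actually being connected to.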
