On Wed, Sep 30, 2015 at 12:18 PM, Branko Čibej <br...@apache.org> wrote:
> On 30.09.2015 11:18, Nikolay Tikhonov wrote: > > SslContextFactory allows to set different encryption protocols (by > default > > TLS). I think that just "ssl" confuses users. Might be "ssl\tls=off" more > > acceptable? > > SSL is one (rather old) specification of Transport Layer Security (TLS). > These days, you shouldn't be using any version of the SSL protocol; they > all have unfixable security holes. > > To be moderately safe, you should implement TLS v1.2 with fallback > allowed to TLS v1.0 but not lower. Even then, certificates should use at > least SHA256, preferably SHA512; SHA1 is no longer considered secure. I > don't recall offhand which ciphers are considered secure, but there > aren't very many of them. > > Agree. Ignite currently supports TLS. Does anyone know which version of TLS we support?
