Communication encryption is implemented using Security API hence Ignite supports the following security algorithms: http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext
On Wed, Sep 30, 2015 at 3:23 PM, Dmitriy Setrakyan <dsetrak...@apache.org> wrote: > On Wed, Sep 30, 2015 at 12:18 PM, Branko Čibej <br...@apache.org> wrote: > > > On 30.09.2015 11:18, Nikolay Tikhonov wrote: > > > SslContextFactory allows to set different encryption protocols (by > > default > > > TLS). I think that just "ssl" confuses users. Might be "ssl\tls=off" > more > > > acceptable? > > > > SSL is one (rather old) specification of Transport Layer Security (TLS). > > These days, you shouldn't be using any version of the SSL protocol; they > > all have unfixable security holes. > > > > To be moderately safe, you should implement TLS v1.2 with fallback > > allowed to TLS v1.0 but not lower. Even then, certificates should use at > > least SHA256, preferably SHA512; SHA1 is no longer considered secure. I > > don't recall offhand which ciphers are considered secure, but there > > aren't very many of them. > > > > > Agree. Ignite currently supports TLS. Does anyone know which version of TLS > we support? >
