Re: MINA 2.1 vs MINA 2.2 API differences

Fri, 28 Jan 2022 15:30:08 -0800 

It should.
What is really puzzling is when we set the server to use TLS 1.2 *and* the client to TLS 1.2, and that fails whatever Java version we use... 

On 29/01/2022 00:14, Jonathan Valliere wrote:

Shouldn’t it be downgrading during the handshake?


On Fri, Jan 28, 2022 at 6:12 PM Emmanuel Lécharny <elecha...@gmail.com 
<mailto:elecha...@gmail.com>> wrote:


    Hi Jonathan,

    after a big fight, I finally found that the SslFilterTest was
    failing in
    Mina 2.2 with Java 8 and 11 when the client was not set to use TLS V1.3
    (it was set to use "TLS"). Note that the client is a plain SSL Socket,
    created by a SSLSocketFactory.

    So the combinations that work :
    Java  8 + Client TLSv1.3 + Server TLSv1.2 -> OK
    Java 11 + Client TLSv1.3 + Server TLSv1.2 -> OK
    Java  8 + Client TLSv1.3 + Server TLSv1.3 -> OK
    Java 11 + Client TLSv1.3 + Server TLSv1.3 -> OK

    And for those that don't work:
    Java  8 + Client TLSv1.2 + Server TLSv1.2 -> KO
    Java 11 + Client TLSv1.2 + Server TLSv1.2 -> KO
    Java  8 + Client TLSv1.2 + Server TLSv1.3 -> KO
    Java 11 + Client TLSv1.2 + Server TLSv1.3 -> KO

    That is a bit problematic as we may have client that aren't using
    TLS 1.3...

    On 21/01/2022 16:23, Emmanuel Lécharny wrote:
     >
     >
     > On 21/01/2022 13:23, Jonathan Valliere wrote:
     >> You can also use the DisableEncryptionWriteRequesf to wrap your
     >> WriteRequest you want to bypass the SSL filter.
     >
     > Yes, but all in all, I think this WriteRequest class should go. The
     > original Attribute was specifically created to bypass the
    SslFilter for
     > the StartTLS operation, and in retrospect, thatw as a mistake.
     >
     > I like the Filter idea.
     >


    -- 
    *Emmanuel Lécharny - CTO* 205 Promenade

    
<https://www.google.com/maps/search/Emmanuel+L%C3%A9charny+-+CTO*+205+Promenade+?entry=gmail&source=g>des
    Anglais – 06200 NICE
    T. +33 (0)4 89 97 36 50
    P. +33 (0)6 08 33 32 61
    emmanuel.lecha...@busit.com <mailto:emmanuel.lecha...@busit.com>
    https://www.busit.com/ <https://www.busit.com/>

    ---------------------------------------------------------------------
    To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
    <mailto:dev-unsubscr...@mina.apache.org>
    For additional commands, e-mail: dev-h...@mina.apache.org
    <mailto:dev-h...@mina.apache.org>



--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org






























					Reply via email to