[
https://issues.apache.org/jira/browse/DIRMINA-1179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17866964#comment-17866964
]
Nagarjun Reddy Reddymalli commented on DIRMINA-1179:
----------------------------------------------------
We see that TLS/SSL code has been rewritten for 2.2.x.
Do 2.0.x and 2.1.x support TLSv1.3 ? can we expect any issues if we use these
version?
can you please provide this information?
thank you
> Behavior Change while upgrading mina-core to 2.2.x regarding X509TrustManager
> java class
> -----------------------------------------------------------------------------------------
>
> Key: DIRMINA-1179
> URL: https://issues.apache.org/jira/browse/DIRMINA-1179
> Project: MINA
> Issue Type: Bug
> Components: Core, SSL
> Affects Versions: 2.2.0
> Environment: Operating System: Windows 11
> Jdk 8 : jdk-1.8u411
> Reporter: Nagarjun Reddy Reddymalli
> Priority: Critical
>
> Our project is currently utilizing mina-core 2.0.21.
> We have a client which sends a request to our server as shown below
>
> {code:java}
> SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
> sslContext.init(our keyManager Object, our trustManager Object, null);
> //TrustHostnameVerifier implements HostnameVerifier ( interface from
> java.net.ssl)
> SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
> sslcontext,
> new String[]{"TLSv1.2"},
> null,
> new TrustHostnameVerifier());
> // We use HTTPClient 4.x to send request to our server where sslCotnext is
> used
> CloseableHttpClient httpclient=
> HttpClients.custom().disableAutomaticRetries().setSSLSocketFactory(
> sslsf).build();
> {code}
> Our Server uses mina-core as server and accepts requests and sends a
> response....
> Every time a response comes back, checkServerTrusted method implementation of
> x509TrustManager class gets called.
> Method :
> [https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/X509TrustManager.html#checkServerTrusted-java.security.cert.X509Certificate:A-java.lang.String-]
>
> After we upgraded mina-core to 2.2.x in our server,
> we observed that the above method (checkServerTrusted) is being called only
> on the first Communication request.
> It is not being called in the later requests until we rebuild the sslContext
> Object. ( or restart the client)
> Observations: Behavior changed from mina-core 2.2.0 where we see that whole
> TLS/SSL implementaion has been revamped
> Question: We see that TLS/SSL has been revamped to fix issues TLSv1.3 . Does
> that mean TLSv1.3 is not supported properly in earlier versions like 2.1.x
> and 2.0.x ?
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
