[
https://issues.apache.org/jira/browse/NUTCH-3030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17818531#comment-17818531
]
Markus Jelsma commented on NUTCH-3030:
--------------------------------------
For some reason the attached patch did not apply cleanly (error on line 96),
added new patch that does apply without complaining.
> Update default TLS cipher suites for http(s) protocol
> -----------------------------------------------------
>
> Key: NUTCH-3030
> URL: https://issues.apache.org/jira/browse/NUTCH-3030
> Project: Nutch
> Issue Type: Improvement
> Affects Versions: 1.19
> Reporter: Martin Djukanovic
> Assignee: Markus Jelsma
> Priority: Minor
> Attachments: NUTCH-3030.patch, default_ciphers_and_protocols-2.patch
>
>
> If http.tls.supported.cipher.suites is not set in the configuration, it
> defaults to a hard-coded list which is not exhaustive enough. I have
> encountered websites that exclusively use ciphers which are not included, so
> they could not be handled by protocol-http.
> I changed this list to the system default -- SSLSocketFactory's
> .getDefaultCipherSuites() to be precise. One could also use
> .getSupportedCipherSuites() here, I suppose.
> The original list should be moved to nutch-default.xml or omitted altogether.
> The protocol list is still hard-coded, but it is now also added to
> nutch-default.xml (so it can be easily changed manually if needed).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
