Github user ivmaykov commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/184#discussion_r195514675
--- Diff: src/java/main/org/apache/zookeeper/common/X509Util.java ---
@@ -339,4 +351,20 @@ private void configureSSLServerSocket(SSLServerSocket
sslServerSocket) {
sslServerSocket.setSSLParameters(sslParameters);
}
+
+ private String[] getDefaultCipherSuites() {
+ String javaVersion = System.getProperty("java.version");
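Review bot: the value read at String javaVersion = System.getProperty("java.version"); in getDefaultCipherSuites() has a different shape on Java 8 (the "1.8.0_..." style) than on Java 9 and later ("9.0.x", "10"), so the comparison that follows has to handle both schemes and fall back to a defined cipher list when the string matches neither. The new private method also carries no comment saying why the default suites depend on the JVM version; a short Javadoc stating the reason would help anyone who changes the list later.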
--- End diff --
Couple minor suggestions:
- use the "java.specification.version" property instead, it returns a
string w/o the minor version (such as "1.8" or "9"), easier to deal with.
- Add some comments that explain why we branch the ciphers based on the
java version. Something like "perf testing done by Facebook engineers shows
that on Intel x86_64 machines, Java9 performs better with GCM and Java8
performs better with CBC, so these seem like reasonable defaults."
---
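An added example, not code from the pull request or from ZooKeeper, of the approach the comment suggests: normalise "java.specification.version" to a major number and order the defaults from it. The class name, method names and the two cipher lists are assumptions made for illustration, as is treating the branch as an ordering and falling back to the Java 8 order for an unparseable version.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class DefaultCipherOrder {
    // Constructed sample lists (assumption): the page does not show the PR's actual suites.
    static final String[] GCM = {
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" };
    static final String[] CBC = {
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" };

    /** Maps "1.8" to 8 and "9", "11", "17" to 9, 11, 17; returns -1 if unparseable. */
    static int majorVersion(String specVersion) {
        if (specVersion == null) return -1;
        String v = specVersion.trim();
        if (v.startsWith("1.")) v = v.substring(2);      // legacy "1.x" scheme
        int dot = v.indexOf('.');
        if (dot >= 0) v = v.substring(0, dot);
        try { return Integer.parseInt(v); } catch (NumberFormatException e) { return -1; }
    }

    /** GCM first on Java 9+, CBC first otherwise; drops suites this JVM lacks. */
    static String[] preferredOrder(String specVersion, Set<String> supported) {
        boolean gcmFirst = majorVersion(specVersion) >= 9;
        List<String> out = new ArrayList<>();
        for (String[] group : gcmFirst ? new String[][]{GCM, CBC} : new String[][]{CBC, GCM})
            for (String suite : group)
                if (supported.contains(suite)) out.add(suite);
        return out.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        Set<String> supported = new HashSet<>(Arrays.asList(
            SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));
        // Constructed version strings, including one that cannot be parsed.
        for (String v : new String[]{"1.8", "9", "11", "garbage"})
            System.out.println(v + " -> " + Arrays.toString(preferredOrder(v, supported)));
        String running = System.getProperty("java.specification.version");
        System.out.println("this JVM (" + running + ") -> "
            + Arrays.toString(preferredOrder(running, supported)));
    }
}
```

Filtering against the JVM's supported suites keeps the returned array safe to pass to setEnabledCipherSuites, which rejects names the provider does not know.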