[
https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16139794#comment-16139794
]
Ilya Kasnacheev commented on IGNITE-6167:
-----------------------------------------
[~jens.borgland] You can subclass SSLContext and call protected
SSLContext(SSLContextSpi contextSpi, Provider provider, String protocol)
constructor with crafted contextSpi which will return
engineGetServerSocketFactory() with specified TLS protocols and cipher suites.
Maybe there's some caveat but I don't immediately see it. That sure as day
requires some dedicated effort.
> Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled
> TLS protocols and cipher suites
> ------------------------------------------------------------------------------------------------------------
>
> Key: IGNITE-6167
> URL: https://issues.apache.org/jira/browse/IGNITE-6167
> Project: Ignite
> Issue Type: Wish
> Affects Versions: 2.1
> Reporter: Jens Borgland
>
> It would be very useful to be able to, in addition to the
> {{javax.net.ssl.SSLContext}}, either specify a custom
> {{javax.net.ssl.SSLServerSocketFactory}} and a custom
> {{javax.net.ssl.SSLSocketFactory}}, or to be able to at least specify the
> enabled TLS protocols and cipher suites.
> I have noticed that the
> {{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}} has support for
> the latter but I cannot find a way of getting a reference to the filter
> instance. The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as
> far as I can tell.
> Currently (as far as I can tell) there is no way of specifying the enabled
> cipher suites and protocols used by Ignite, without doing it globally for the
> JRE.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
