Zita Dombi created HDDS-15176:
---------------------------------
Summary: Ozone SCM fails to start when gRPC cipher policy includes unsupported cipher
Key: HDDS-15176
URL: https://issues.apache.org/jira/browse/HDDS-15176
Project: Apache Ozone
Issue Type: Bug
Reporter: Zita Dombi
Assignee: Zita Dombi
The gRPC server TLS setup applies configured ciphers directly using Netty
OpenSSL context creation with strict conversion. If any configured cipher is
unsupported (and there is no supported cipher in the list before that), TLS
context creation throws an error and SCM startup fails.
Unsupported ciphers in the configured list should be filtered out and service
startup should continue if at least one valid cipher remains.
Instead of this:
{code:java}
sslContextBuilder.ciphers(securityConfig.getGrpcTlsCiphers());
{code}
It should use Netty SupportedCipherSuiteFilter.INSTANCE when applying
configured cipher lists in gRPC server TLS context builders:
{code:java}
sslContextBuilder.ciphers(
    securityConfig.getGrpcTlsCiphers(),
    SupportedCipherSuiteFilter.INSTANCE);
{code}
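The filtering behaviour requested above, as an added example that is not Ozone or Netty code: it filters a configured list against the JDK's default JSSE provider instead of Netty's OpenSSL context, reports what was dropped, and still refuses to start when nothing usable remains. The class name, the `filterSupported` helper and the sample policy are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Hypothetical stand-alone class; not part of Ozone.
public class CipherPolicyFilter {

  /** Keeps the configured suites the provider supports, preserving configured order. */
  static List<String> filterSupported(List<String> configured, Set<String> supported,
      List<String> dropped) {
    List<String> kept = new ArrayList<>();
    for (String suite : configured) {
      String name = suite.trim();
      if (supported.contains(name)) {
        if (!kept.contains(name)) {
          kept.add(name);            // de-duplicate, first occurrence wins
        }
      } else {
        dropped.add(name);           // remember it so the operator can be told
      }
    }
    return kept;
  }

  public static void main(String[] args) throws Exception {
    // Suites the default JSSE provider can negotiate on this JVM.
    Set<String> supported = new LinkedHashSet<>(Arrays.asList(
        SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));

    // Constructed sample policy: a made-up name first, then two standard JSSE names.
    List<String> configured = Arrays.asList(
        "TLS_EXAMPLE_UNSUPPORTED_SUITE",
        "TLS_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    List<String> dropped = new ArrayList<>();
    List<String> effective = filterSupported(configured, supported, dropped);

    if (!dropped.isEmpty()) {
      // Surface the narrowing so a typo in the policy is not silently ignored.
      System.err.println("WARN: ignoring unsupported TLS cipher suites: " + dropped);
    }
    if (effective.isEmpty()) {
      // Fail closed: an empty result must not fall back to provider defaults.
      throw new IllegalStateException("No configured TLS cipher suite is supported: " + configured);
    }
    System.out.println("Effective cipher suites: " + effective);
  }
}
```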