[ https://issues.apache.org/jira/browse/HDDS-15176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Zita Dombi updated HDDS-15176:
------------------------------
    Summary: Ozone SCM fails to start when gRPC cipher policy list includes 
unsupported cipher  (was: Ozone SCM fails to start when gRPC cipher policy 
includes unsupported cipher)

> Ozone SCM fails to start when gRPC cipher policy list includes unsupported 
> cipher
> ---------------------------------------------------------------------------------
>
>                 Key: HDDS-15176
>                 URL: https://issues.apache.org/jira/browse/HDDS-15176
>             Project: Apache Ozone
>          Issue Type: Bug
>            Reporter: Zita Dombi
>            Assignee: Zita Dombi
>            Priority: Major
>
> The gRPC server TLS setup applies configured ciphers directly using Netty 
> OpenSSL context creation with strict conversion. If any configured cipher is 
> unsupported (and there is no supported cipher in the list before that), TLS 
> context creation throws an error and SCM startup fails.
> Unsupported ciphers in the configured list should be filtered out and service 
> startup should continue if at least one valid cipher remains.
> Instead of this:
> {code:java}
> sslContextBuilder.ciphers(securityConfig.getGrpcTlsCiphers());
> {code}
> It should use Netty SupportedCipherSuiteFilter.INSTANCE when applying 
> configured cipher lists in gRPC server TLS context builders: 
> {code:java}
> sslContextBuilder.ciphers(
>     securityConfig.getGrpcTlsCiphers(),
>     SupportedCipherSuiteFilter.INSTANCE);
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
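
The filter proposed in the issue drops unsupported entries silently, so a startup check that logs what was dropped and refuses an empty result makes the effective cipher policy visible. The following is an added example, not code from the issue or from Apache Ozone; it assumes unshaded Netty (`io.netty`, `netty-handler`) on the classpath, and the class name `GrpcCipherPreflight`, the method `usableCiphers` and the sample cipher list are hypothetical.

```java
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;

import javax.net.ssl.SSLContext;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public final class GrpcCipherPreflight {

  /** Returns the configured ciphers the TLS provider supports, in configured order. */
  static List<String> usableCiphers(List<String> configured, Set<String> supported) {
    // Same filter the issue proposes passing to SslContextBuilder.ciphers(...).
    String[] kept = SupportedCipherSuiteFilter.INSTANCE.filterCipherSuites(
        configured, Collections.<String>emptyList(), supported);
    List<String> keptList = Arrays.asList(kept);

    // Report what the filter removed so the weakened policy is not silent.
    List<String> dropped = new ArrayList<>(configured);
    dropped.removeAll(keptList);
    if (!dropped.isEmpty()) {
      System.err.println("WARN unsupported gRPC TLS ciphers ignored: " + dropped);
    }
    // The issue only wants startup to continue if at least one cipher remains.
    if (keptList.isEmpty()) {
      throw new IllegalStateException(
          "no configured gRPC TLS cipher is supported: " + configured);
    }
    return keptList;
  }

  public static void main(String[] args) throws Exception {
    // Supported set: netty-tcnative OpenSSL if loaded, otherwise the JDK provider.
    Set<String> supported = OpenSsl.isAvailable()
        ? OpenSsl.availableJavaCipherSuites()
        : new HashSet<>(Arrays.asList(
            SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));
    // Constructed sample policy; the first entry is deliberately not a real suite.
    List<String> configured = Arrays.asList(
        "TLS_EXAMPLE_UNSUPPORTED_SUITE",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_AES_128_GCM_SHA256");
    System.out.println("effective ciphers: " + usableCiphers(configured, supported));
  }
}
```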
