[
https://issues.apache.org/jira/browse/HDDS-15176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zita Dombi updated HDDS-15176:
------------------------------
Status: Patch Available (was: Open)
> Ozone SCM fails to start when gRPC cipher policy list includes unsupported
> cipher
> ---------------------------------------------------------------------------------
>
> Key: HDDS-15176
> URL: https://issues.apache.org/jira/browse/HDDS-15176
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Zita Dombi
> Assignee: Zita Dombi
> Priority: Major
> Labels: pull-request-available
>
> The gRPC server TLS setup applies the configured cipher list directly when
> building the Netty OpenSSL context. If any configured cipher is unsupported
> (and there is no supported cipher in the list before that), TLS context
> creation throws an error and SCM startup fails.
> Unsupported ciphers in the configured list should be filtered out and service
> startup should continue if at least one valid cipher remains.
> Instead of this:
> {code:java}
> sslContextBuilder.ciphers(securityConfig.getGrpcTlsCiphers());
> {code}
> It should use Netty SupportedCipherSuiteFilter.INSTANCE when applying
> configured cipher lists in gRPC server TLS context builders:
> {code:java}
> sslContextBuilder.ciphers(
>     securityConfig.getGrpcTlsCiphers(),
>     SupportedCipherSuiteFilter.INSTANCE);
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
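
Added example, not code from the issue or from the Ozone patch: a JDK-only startup check that applies the keep-only-supported rule described above to a cipher policy list, reports which entries were dropped, and refuses to continue when nothing usable remains. The class name, the sample policy list and the use of the default JSSE provider in place of Netty's OpenSSL cipher set are assumptions; the record needs Java 16 or later.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

/** Hypothetical pre-flight check for a configured TLS cipher policy list. */
public class CipherPolicyCheck {

    /** Configured suites split into those the provider can use and those it cannot. */
    record Result(List<String> usable, List<String> dropped) {}

    /** Keeps the configured order; any suite the provider does not support is dropped. */
    static Result filter(List<String> configured, Set<String> supported) {
        List<String> usable = new ArrayList<>();
        List<String> dropped = new ArrayList<>();
        for (String suite : configured) {
            String name = suite.trim();
            if (name.isEmpty()) continue;
            (supported.contains(name) ? usable : dropped).add(name);
        }
        // Choice made by this example: an empty result is a hard configuration error.
        if (usable.isEmpty()) {
            throw new IllegalStateException(
                "No supported cipher suite left in policy: " + configured);
        }
        return new Result(usable, dropped);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Assumption: the default JSSE provider stands in for Netty's OpenSSL cipher set.
        Set<String> supported = new LinkedHashSet<>(Arrays.asList(
            SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));

        // Constructed policy list: an unknown name first, then two standard suites.
        List<String> configured = List.of(
            "TLS_EXAMPLE_UNSUPPORTED_SUITE",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_AES_128_GCM_SHA256");

        Result r = filter(configured, supported);
        System.out.println("usable : " + r.usable());
        System.out.println("dropped: " + r.dropped()); // worth a WARN line at startup
    }
}
```

Logging the dropped entries at startup keeps the filtering visible, so an operator can tell when the effective cipher policy is narrower than the configured one.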