ademakov commented on code in PR #1779:
URL: https://github.com/apache/ignite-3/pull/1779#discussion_r1136784252
##########
modules/network/src/main/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImpl.java:
##########
@@ -73,4 +89,23 @@ private static void
validateKeyStore(ValidationContext<AbstractSslView> ctx, Str
}
}
}
+
+ private static void validateCiphers(ValidationContext<AbstractSslView>
ctx, AbstractSslView ssl) {
+ try {
+ SslContext context = SslContextBuilder.forClient().build();
+ Set<String> supported =
Arrays.stream(context.newEngine(ByteBufAllocator.DEFAULT).getSupportedCipherSuites())
+ .filter(Objects::nonNull) // OpenSSL engine returns null
string in the array so we need to filter them out
+ .collect(Collectors.toSet());
+ Set<String> ciphers = Arrays.stream(ssl.ciphers().split(","))
+ .map(String::strip)
+ .collect(Collectors.toSet());
+ if (!supported.containsAll(ciphers)) {
Review Comment:
Hmm, cannot this result into a situation when one just makes a typo in the
name of a most preferred cipher and thus a less preferred cipher is selected?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
