SSLFactory should not enable cipher suites that aren't supported ----------------------------------------------------------------
Key: CASSANDRA-3278 URL: https://issues.apache.org/jira/browse/CASSANDRA-3278 Project: Cassandra Issue Type: Bug Components: Core Affects Versions: 0.8.6, 0.8.5, 0.8.4, 1.0.0 Environment: OpenJDK on debian squeeze Reporter: George Cristea Priority: Minor The socket creation (server or otherwise) in SSLFactory.java calls [setEnabledCipherSuites|http://download.oracle.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setEnabledCipherSuites(java.lang.String\[\])] with the values specified in EncryptionOptions.java: {code} public String[] cipherSuites = { "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA" }; {code} The call to [setEnabledCipherSuites|http://download.oracle.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setEnabledCipherSuites(java.lang.String\[\])] fails on systems that don't have [Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6|http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html] because AES256 is not supported. To avoid installing the unlimited strength policy file the code in SSLFactory.java should call [getSupportedCipherSuites|http://download.oracle.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#getSupportedCipherSuites()] to find out which of the suites specified are supported. Thanks, George -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira