[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-25 Thread dkuppitz
Github user dkuppitz commented on the issue: https://github.com/apache/tinkerpop/pull/912 Very nice work. VOTE: +1 ---

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-23 Thread k4rthikr
Github user k4rthikr commented on the issue: https://github.com/apache/tinkerpop/pull/912 I agree. Thanks for the change! ---

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-22 Thread spmallette
Github user spmallette commented on the issue: https://github.com/apache/tinkerpop/pull/912 VOTE +1 - server integration tests are good - nice job with docs and everything. thanks for doing this nerd work ---

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-20 Thread robertdale
Github user robertdale commented on the issue: https://github.com/apache/tinkerpop/pull/912 @k4rthikr That's a little deeper than I want to get into. `sslCipherSuites` provides a whitelist. Whitelists are always preferred over blacklists. If this one were blacklisted, there are probab

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-20 Thread k4rthikr
Github user k4rthikr commented on the issue: https://github.com/apache/tinkerpop/pull/912 @robertdale Should we also provide a config entry for disabling certain cipher suites? For example TLS_RSA_WITH_3DES_EDE_CBC_SHA is supported. This cipher suite has a 64-bit block size, and the s

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-20 Thread FlorianHockmann
Github user FlorianHockmann commented on the issue: https://github.com/apache/tinkerpop/pull/912

> The settings are @Deprecated not removed - for example:

Ah, thanks for the clarification. I indeed only looked at the changes to the docs. Deprecating those settings is of cours

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-20 Thread spmallette
Github user spmallette commented on the issue: https://github.com/apache/tinkerpop/pull/912 The settings are `@Deprecated` not removed - for example: https://github.com/apache/tinkerpop/pull/912/files#diff-45b18530a9a147f84ad0ee9ddab81fa1R681 once we deprecate someth

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-20 Thread FlorianHockmann
Github user FlorianHockmann commented on the issue: https://github.com/apache/tinkerpop/pull/912 To be honest, I haven't taken a detailed look at the changes of this PR yet, but it seems to also remove / rename a bunch of config properties like `ssl.keyFile` for example. Doesn't this

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-20 Thread spmallette
Github user spmallette commented on the issue: https://github.com/apache/tinkerpop/pull/912

> if you relied on the server generating self-signed certs

i think it's fine to break those folks because they shouldn't have been doing that in the first place. ---

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-20 Thread robertdale
Github user robertdale commented on the issue: https://github.com/apache/tinkerpop/pull/912 Right, when it's security-related, you're given a pass to break anything! :rage1: :rage2: :rage3: :rage4: Seriously, the breaking change is only if you relied on the server generatin

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-20 Thread spmallette
Github user spmallette commented on the issue: https://github.com/apache/tinkerpop/pull/912 I wondered that too... i figured the reasoning for tp32 was that this was a "security" issue and thus the "breaking" aspect was justified. is that a fair way to characterize this the branch tar

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-18 Thread FlorianHockmann
Github user FlorianHockmann commented on the issue: https://github.com/apache/tinkerpop/pull/912 Since this is a breaking change, wouldn't it be better to target `master` so that this can go into 3.4.0? ---

[GitHub] tinkerpop issue #912: TINKERPOP-2023 SSL Enhancements

2018-08-14 Thread spmallette
Github user spmallette commented on the issue: https://github.com/apache/tinkerpop/pull/912 Nice PR description and good upgrade docs. I was reading through the current docs on "Security" and they seem insufficient: http://tinkerpop.apache.org/docs/current/reference/#security