]
Jan Kalina edited comment on WFLY-7076 at 9/10/16 11:19 AM:
------------------------------------------------------------
bq. I wonder, where is that mapping "TLSv1_2 -> TLSv1.2" acually performed? I
couldn't find that place.
This is defined in *org.wildfly.security.ssl.Protocol* enum (wildfly-elytron)
Reason for restriction is using this enum in our *ProtocolSelector*.
To remove this restriction should be sufficient replace all Protocol occurences by
String.
Is it what we want, [~dlofthouse]?
was (Author: honza889):
bq. I wonder, where is that mapping "TLSv1_2 -> TLSv1.2" acually performed? I
couldn't find that place.
This is defined in *org.wildfly.security.ssl.Protocol* enum (wildfly-elytron)
Reason for restriction is using this enum in our *ProtocolSelector*.
To remove this restriction should be sufficient replace all Protocol occurences by String.
Is it what we want?
Elytron introduces SSL/TLS protocol constraints
-----------------------------------------------
Key: WFLY-7076
URL:
https://issues.jboss.org/browse/WFLY-7076
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 11.0.0.Alpha1
Reporter: Martin Choma
Assignee: Jan Kalina
{noformat}
"protocols" => {
"type" => LIST,
"description" => "The enabled
protocols.",
"expressions-allowed" => true,
"nillable" => false,
"allowed" => [
"SSLv2",
"SSLv3",
"TLSv1",
"TLSv1_1",
"TLSv1_2",
"TLSv1_3"
],
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" =>
"resource-services"
},
{noformat}
Why elytron on this place is going to validate user input and map standard java values
[1] into proprietary values?
Whereas on other similar places (KeyManager algorithm, TrustManager algorithm, Keystore
types) it leaves up to user to set proper value.
IMO, with such mapping another place, where bugs can raise was introduced. EAP will be
here always one step back compared to java.
Note, IBM java already today defines little bit different protocols set [2]
I wonder, where is that mapping "TLSv1_2 -> TLSv1.2" acually performed? I
couldn't find that place.
[1]
https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardN...
[2]
http://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.secu...