[jboss-jira] [JBoss JIRA] (ELY-660) Elytron introduces SSL/TLS protocol constraints
Jan Kalina (JIRA)
issues at jboss.org
Wed Oct 12 11:24:00 EDT 2016
Jan Kalina created ELY-660:
------------------------------
Summary: Elytron introduces SSL/TLS protocol constraints
Key: ELY-660
URL: https://issues.jboss.org/browse/ELY-660
Project: WildFly Elytron
Issue Type: Bug
Components: SSL
Affects Versions: 1.1.0.Beta8
Reporter: Jan Kalina
Assignee: Jan Kalina
Priority: Blocker
{noformat}
"protocols" => {
"type" => LIST,
"description" => "The enabled protocols.",
"expressions-allowed" => true,
"nillable" => false,
"allowed" => [
"SSLv2",
"SSLv3",
"TLSv1",
"TLSv1_1",
"TLSv1_2",
"TLSv1_3"
],
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
{noformat}
Why elytron on this place is going to validate user input and map standard java values [1] into proprietary values?
Whereas on other similar places (KeyManager algorithm, TrustManager algorithm, Keystore types) it leaves up to user to set proper value.
IMO, with such mapping another place, where bugs can raise was introduced. EAP will be here always one step back compared to java.
Note, IBM java already today defines little bit different protocols set [2]
I wonder, where is that mapping "TLSv1_2 -> TLSv1.2" acually performed? I couldn't find that place.
[1] https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext
[2] http://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/protocols.html
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list