[jboss-jira] [JBoss JIRA] (WFLY-7301) Elytron introduces SSL/TLS protocol constraints
Jan Kalina (JIRA)
issues at jboss.org
Wed Oct 12 11:25:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-7301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Kalina moved ELY-660 to WFLY-7301:
--------------------------------------
Project: WildFly (was: WildFly Elytron)
Key: WFLY-7301 (was: ELY-660)
Component/s: Security (was: SSL)
Affects Version/s: (was: 1.1.0.Beta8)
> Elytron introduces SSL/TLS protocol constraints
> -----------------------------------------------
>
> Key: WFLY-7301
> URL: https://issues.jboss.org/browse/WFLY-7301
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Blocker
>
> {noformat}
> "protocols" => {
>     "type" => LIST,
>     "description" => "The enabled protocols.",
>     "expressions-allowed" => true,
>     "nillable" => false,
>     "allowed" => [
>         "SSLv2",
>         "SSLv3",
>         "TLSv1",
>         "TLSv1_1",
>         "TLSv1_2",
>         "TLSv1_3"
>     ],
>     "value-type" => STRING,
>     "access-type" => "read-write",
>     "storage" => "configuration",
>     "restart-required" => "resource-services"
> },
> {noformat}
> Why is Elytron going to validate user input in this place and map standard Java values [1] into proprietary values?
> Whereas in other similar places (KeyManager algorithm, TrustManager algorithm, Keystore types) it leaves it up to the user to set the proper value.
> IMO, with such a mapping, another place where bugs can arise was introduced. EAP will always be one step behind Java here.
> Note, IBM Java already defines a slightly different protocol set today [2].
> I wonder, where is that mapping "TLSv1_2 -> TLSv1.2" actually performed? I couldn't find that place.
> [1] https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext
> [2] http://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/protocols.html
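The alternative the issue argues for, checking configured protocol names against what the running JVM reports instead of against a fixed list, as an added example (not Elytron or WildFly code). The class and helper names are hypothetical, the underscore-to-dot mapping is an assumption based on the "TLSv1_2 -> TLSv1.2" mapping mentioned in the issue, and the configured list is constructed sample input.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class ProtocolCheck {

    // Hypothetical helper: assumed form of the "TLSv1_2 -> TLSv1.2" mapping.
    static String toJsseName(String configured) {
        return configured.replace('_', '.');
    }

    // Protocol names the default SSLContext of this JVM can negotiate.
    // The set differs between JVM vendors and versions.
    static Set<String> jvmSupportedProtocols() throws NoSuchAlgorithmException {
        String[] protocols =
                SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        return new LinkedHashSet<>(Arrays.asList(protocols));
    }

    // Returns the configured names that match neither a JSSE name as written
    // nor after the underscore-to-dot mapping.
    static List<String> unsupported(List<String> configured, Set<String> supported) {
        List<String> rejected = new ArrayList<>();
        for (String name : configured) {
            if (!supported.contains(name) && !supported.contains(toJsseName(name))) {
                rejected.add(name);
            }
        }
        return rejected;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        Set<String> supported = jvmSupportedProtocols();
        // Constructed sample input: names from the "allowed" list above plus
        // the standard JSSE spelling of one of them.
        List<String> configured =
                Arrays.asList("SSLv2", "SSLv3", "TLSv1_2", "TLSv1.2", "TLSv1_3");
        System.out.println("JVM supports:       " + supported);
        System.out.println("Not supported here: " + unsupported(configured, supported));
    }
}
```

The output depends on the JVM it runs on, so the same configured list can be accepted on one runtime and rejected on another.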