ZOOKEEPER-3229: [TLS] add AES-256 ciphers to default cipher list #744
Conversation
ivmaykov
commented
Dec 20, 2018
ivmaykov
commented
- Add AES-256 cipher suites
- Add AES-128-...-SHA cipher suites (for compatibility with Netty OpenSSL transport)
- code cleanup: split up the suites into CBC and GCM ciphers and put them in different order when constructing java8 / java9 defaults.
| }; | ||
| } | ||
|
|
||
| private static String[] concatArrays(String[] left, String[] right) { |
There was a problem hiding this comment.
ArrayUtils.addAll() in Apache Commons lib?
There was a problem hiding this comment.
I think apache commons lang or lang3 is not included for all the targets in ivy dependencies ( https://github.com/apache/zookeeper/blob/master/ivy.xml#L93 ). At least I couldn't use that library and compile the code. You might want to remove the conf and use the default conf like
<dependency org="commons-lang" name="commons-lang" rev="${commons-lang.version}"/>
to make it working.
|
LGTM 👍 |
|
retest this please |
ivmaykov
force-pushed
the
ZOOKEEPER-3229
branch
from
64a0701 to
ef0348b
Compare
|
retest this please |
|
@ivmaykov |
|
@anmolnar I will take a look. That seems pretty weird, and I don't think we had that failure on our internal fork (otherwise, our continuous build would catch it and fail). Sorry for not responding sooner, was working on other things - should have time to work up on my open PRs again over the next few days. |
|
@anmolnar it doesn't fail when rebased on top of #681. I don't want to spend too much time figuring out why, since I wrote #681 a few months ago and the relevant knowledge is no longer in my cache :) I do remember that #681 fixes several issues with configuring SSL sockets. This PR can wait until after #681 lands. |
ivmaykov
force-pushed
the
ZOOKEEPER-3229
branch
from
ef0348b to
f03cd52
Compare
- Add AES-256 cipher suites - Add AES-128-...-SHA cipher suites (for compatibility with Netty OpenSSL transport) - code cleanup: split up the suites into CBC and GCM ciphers and put them in different order when constructing java8 / java9 defaults. Author: Ilya Maykov <[email protected]> Reviewers: [email protected] Closes #744 from ivmaykov/ZOOKEEPER-3229 (cherry picked from commit 3583bbf) Signed-off-by: Andor Molnar <[email protected]>
|
Committed to master and 3.5 branches. |
- Add AES-256 cipher suites - Add AES-128-...-SHA cipher suites (for compatibility with Netty OpenSSL transport) - code cleanup: split up the suites into CBC and GCM ciphers and put them in different order when constructing java8 / java9 defaults. Author: Ilya Maykov <[email protected]> Reviewers: [email protected] Closes apache#744 from ivmaykov/ZOOKEEPER-3229
