Make TLSv1.2 the default #417

Merged
merged 2 commits into from
Apr 9, 2018

ctubbsii
Member

@ctubbsii ctubbsii commented Apr 6, 2018

When Accumulo's RPC is configured for SSL/TLS, the client connections
will choose TLSv1.2 by default (instead of TLSv1 or TLSv1.1).

@ctubbsii ctubbsii self-assigned this Apr 6, 2018
@ctubbsii
Member Author

ctubbsii commented Apr 6, 2018

I added a second commit which instructs the server-side to use TLS 1.2 by default, also. As I understand it, there are a few well-known downgrade attacks for 1.1 and 1.0 that we should avoid. Since we maintain the code for both client and server, there's no reason we shouldn't use 1.2 by default. It is still configurable, if users need something else.

@ctubbsii ctubbsii changed the title Make TLSv1.2 the default for ssl-enabled clients Make TLSv1.2 the default Apr 6, 2018
@PircDef
Member

PircDef commented Apr 9, 2018

Is there an intent to remove ProtocolOverridingSSLSocketFactory as well?

@ctubbsii
Member Author

ctubbsii commented Apr 9, 2018

@PircDef Maybe... that would be a bigger change, and more testing to ensure correctness. This is a simple configuration defaults change vs. changing currently functioning code.

@ctubbsii ctubbsii merged commit e059c54 into apache:1.8 Apr 9, 2018
@ctubbsii ctubbsii deleted the client-tls12-default branch April 9, 2018 20:40
@ctubbsii ctubbsii added this to Done in 1.9.1 Jun 14, 2019
@ctubbsii ctubbsii added this to Done in 1.9.0 Jun 14, 2019
@ctubbsii ctubbsii added this to Done in 2.0.0 Jun 14, 2019
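
An added example, not code from this pull request or from Accumulo: in JSSE the protocol name given to `SSLContext.getInstance` and the enabled-protocol list on an engine or socket are separate settings, so pinning both sides to TLSv1.2 means setting the list explicitly. The class and method names (`Tls12Only`, `restrict`, `newEngine`) are hypothetical, and the sketch uses an `SSLEngine` so it runs without certificates or network access.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class Tls12Only {
  // Allow-list for this example; mirrors the default named in this thread.
  static final List<String> ALLOWED = Arrays.asList("TLSv1.2");

  // Keep only allow-listed protocols the JVM supports; fail closed if none remain,
  // rather than silently falling back to whatever the JVM enables by default.
  static String[] restrict(String[] supported, List<String> allowed) {
    List<String> keep = new ArrayList<>();
    for (String p : supported) {
      if (allowed.contains(p)) {
        keep.add(p);
      }
    }
    if (keep.isEmpty()) {
      throw new IllegalStateException("No allowed TLS protocol supported: " + allowed);
    }
    return keep.toArray(new String[0]);
  }

  // Build an engine for one side of the connection (assumption: default key and
  // trust managers are enough here, since no handshake is performed).
  static SSLEngine newEngine(boolean clientMode) throws Exception {
    SSLContext ctx = SSLContext.getInstance("TLSv1.2");
    ctx.init(null, null, null);
    SSLEngine engine = ctx.createSSLEngine();
    engine.setUseClientMode(clientMode);
    return engine;
  }

  public static void main(String[] args) throws Exception {
    for (boolean clientMode : new boolean[] {true, false}) {
      SSLEngine engine = newEngine(clientMode);
      String side = clientMode ? "client" : "server";
      // What the JVM would negotiate if nothing were pinned.
      System.out.println(side + " before: " + Arrays.toString(engine.getEnabledProtocols()));
      engine.setEnabledProtocols(restrict(engine.getSupportedProtocols(), ALLOWED));
      // What is actually offered or accepted after pinning.
      System.out.println(side + " after:  " + Arrays.toString(engine.getEnabledProtocols()));
    }
  }
}
```

The "before" lines depend on the JDK version and its `jdk.tls.disabledAlgorithms` setting, which is why the explicit list is the part to audit.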