-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for JGroups SSL_KEY_EXCHANGE #31
Comments
The issue is present when utilising any of the |
- Port 2157 exposed for SSL socket - /etc/crypto-policies/back-ends/java.config overridden to prevent TLS being disabled
- Port 2157 exposed for SSL socket - /etc/crypto-policies/back-ends/java.config overridden to prevent TLS being disabled
@belaban FYI the reason that |
+1 |
Currently we support the ASYM_ENCRYPT protocol for JGroups encryption, however this is prone to man in the middle attacks. This can be overcome by utilising the
SSL_KEY_EXCHANGE
protocol, however this requires a keystore to be configured. If the user has configured a keystore, we should utilise this and automatically add theSSL_KEY_EXCHANGE
protocol to the stack ifjgroups.encrypt == true
.Current issues with
ASYM_ENCRYPT
andSSL_KEY_EXCHANGE
.Node 1:
Node 2:
The text was updated successfully, but these errors were encountered: