FISH-5987 Remove TLS 1.0,1.1 SSL2 and SSL3 #5666
appserver/admingui/common/src/main/resources/shared/sslPrepare.inc
...rver/orb/orb-iiop/src/main/java/org/glassfish/enterprise/iiop/impl/IIOPSSLSocketFactory.java
You've broken the SSL config page:
Configs > server-config > ORB > IIOP Listeners > SSL > SSL
Disable TLS 1.2, enable TLS 1.3, click save - error.
|
||
String protocol; | ||
if (tlsEnabled13) { | ||
protocol = TLS13; | ||
} else if (tlsEnabled12) { | ||
} else { |
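Review bot: The final `else` branch, reached when neither `tlsEnabled13` nor `tlsEnabled12` is true, should fail explicitly instead of assigning a fallback protocol. With both flags off the listener has no permitted TLS version, so a configuration error naming the listener is safer than silently selecting a protocol the administrator did not enable. Separately, this chain assigns a single `protocol` value and `tlsEnabled13` takes precedence, so when both flags are true only the `TLS13` branch runs; please confirm the TLS 1.2 setting is still honoured in that case, and add a test covering each of the four flag combinations.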
I wonder if this should default to 1.3, 1.2, or throw an error?
Need to debug with a reproducer to understand this and why it would originally default to SSL even though that wasn't an option.
Numerous methods and references to SSL2 and SSL3 missed in AppClientSSL, config/SSL, ServerTags, CreateSSL, CipherInfo, SSLClientConfigurator, SSLParams, SSLConfigurator, dom/Ssl, and SecureAdminCommand
....security/src/main/java/com/sun/enterprise/security/appclient/AppClientSecurityInfoImpl.java
Still missed references in help text e.g. --securityenabled help text in create-http-listener
SSLv2 and SSLv3 still available as enums in SslType
Description
Since TLS 1.0 and 1.1 are disabled on JDK 11, this has been removed
Important Info
Blockers
N/A
Testing
New tests
N/A
Testing Performed
Built Payara and checked if options for TLS 1.0 and 1.1 were there, and executed:
set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.tls-enabled=[true/false]
Testing Environment
Ubuntu 20.04, Maven 3.6.3, OpenJDK 11.0.11 2021-04-20 LTS
Documentation
Here
Notes for Reviewers