[GEODE-10297] SSL protocol ordering can result in loss of newer protocol support. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.12.9, 1.13.8, 1.14.4, 1.15.0, 1.16.0
Fix Version/s: 1.15.0, 1.16.0
Component/s: core
Labels:

Description

If ssl-protocols is listed with a older protocol version ahead of a newer the SSLContext used will support at most that weaker protocol.

For example ssl-protocols=TLSV1.2,TLSv1.3,TLSv1.1 will use the TLSv1.2 SSLContext, which will not support, and silently ignore, the TLSv1.3 configuration. The effective enabled protocols list will be TLSV1.2,TLSv1.1.

Attachments

Issue Links

links to

GitHub Pull Request #7680

Activity

People

Assignee:: Donal Evans

Reporter:: Jacob Barrett

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/May/22 02:35

Updated:: 22/Jun/22 20:46

Resolved:: 23/May/22 15:55