#2647 Add two ssl protocol properties for http server and client

Security
closed-fixed
Dave Blaschke
jsr48-client
3
2013-09-19
2013-07-01
Samuel
No

Currently httpserver and httpclient in jcc use the same sslprotocol property to get the SSLContext. We expect that differnt sslprotocol could be used here, as the security requirement for them may differ, like that we only want to enable TLSv1.2 in server side and all protocol in client side.

1 Attachments

Discussion

  • Dave Blaschke
    Dave Blaschke
    2013-07-01

    I have named the properties sblim.wbem.ssl(Client/Listener)Protocol to be similar to sblim.wbem.ssl(Client/Listener)CipherSuitesToDisable, if you want me to use Server instead of Listener please let me know.

    # The protocol used for SSLContext.getInstance(String protocol) by a client.  This property
    # overrides any value set via the ssl.Protocol property.  
    #
    # Recognition: On next SSL connection
    # Default: none
    #
    #sblim.wbem.sslClientProtocol=
    
    # The protocol used for SSLContext.getInstance(String protocol) by a listener.  This property
    # overrides any value set via the ssl.Protocol property.
    #
    # Recognition: On next SSL connection
    # Default: none 
    #
    #sblim.wbem.sslListenerProtocol=
    
     
  • Dave Blaschke
    Dave Blaschke
    2013-07-01

    • status: open --> open-fixed
     
  • Dave Blaschke
    Dave Blaschke
    2013-07-01

    Patch sent for community review. During a 2 week period any exploiter may comment on the patch, request changes or turn it down completely (with good reason). For the time being the patch is part of the "Experimental" branch in CVS.

     
  • Dave Blaschke
    Dave Blaschke
    2013-07-29

    The community review is completed and we received no substantial criticism. Therefore the patch has been approved and merged into the "HEAD" branch. The next release will pick it up.

     
  • Dave Blaschke
    Dave Blaschke
    2013-07-29

    • status: open-fixed --> pending-fixed
     
  • Dave Blaschke
    Dave Blaschke
    2013-09-13

    • status: pending-fixed --> closed-fixed
     
  • Dave Blaschke
    Dave Blaschke
    2013-09-13

    The patch was picked up by release 2.2.4 and will be closed.

     
  • Dave Blaschke
    Dave Blaschke
    2013-09-19

    • labels: --> Java Client (JSR48)