Enhancements to SSL/TLS configuration and context classes #935
Closed
sleberknight started this conversation in Ideas
Replies: 1 comment
Created issues:
This discussion is now effectively closed.
This is a "brain dump" from some notes I wrote down in meatspace. It is not in any particular order, but wanted to get this in here before I lose that "yellow sticky" notepad.

SSLContextConfiguration
- trustStoreType, then fix converters to/from toSimpleSSLContextFactory, TlsContextConfiguration and TlsConfiguration
- toTlsContextConfiguration would need to change
- trustStoreType would (probably) not be needed anymore (deprecate it)
- getTrustStoreType() method should be removed, since it explicitly returns keyStoreType (not a typo)

SecureEndpointsConfiguration
- SecureEndpointsConfiguration.Builder to allow setting the trustStoreType

SimpleSSLContextFactory

TlsContextConfiguration
Does not support any of the following from Dropwizard's TlsConfiguration:
- certAlias
- keyStoreProvider
- provider
- supportedCiphers
- trustSelfSignedCertificates
- trustStoreProvider
We should also look to see if TlsConfiguration has added any additional properties that we might want to support.
Note that supportedCiphers is null by default in TlsConfiguration (just like supportedProtocols), so this is something we have to deal with and cannot change, even though I very much dislike having null collections.

SSLContextProtocol
Ensure that when we update to JDK 17 as a baseline, we provide all the accepted SSLContext algorithms listed in the Java Security Standard Algorithm Names (except SSL which our javadoc already says we exclude since it should not be used anymore). Note that I verified that Java 18, 19, and 20 have the same set of algorithms as 17, so we are safe through at least Java 20.