Openfire / OF-1827

Stop using a specific, hardcoded SSL Context.

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.4.1
    • Component/s: TLS
    • Labels:
      None

      Description

      Openfire (in EncryptionFactory, potentially other places) uses an SSLContext that's TLSv1, hardcoded. This was probably a good, strong choice at the time it was written, but it's starting to become a mediocre choice now.

      Openfire should not hardcode the setting - the default setting should be increased.

      Interestingly, Java allows you to use a version named 'default' - which probably is going to be something that's deemed appropriate in a particular version of Java.

      Openfire should allow the context version to be updated, and should probably use 'default' if no explicit configuration is given.
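
The change this issue asks for, sketched as an added example (not Openfire's code and not part of the original issue): the protocol name is read from configuration and falls back to 'Default' when nothing is set. The property name `example.tls.protocol` and the class and method names are assumptions made for the illustration; the JRE's 'Default' context is already initialized and rejects `init()`, so it cannot carry a server's own key managers.

```java
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;

public class TlsContextSelection {
    // Hypothetical property name, used only for this example.
    static final String PROTOCOL_PROPERTY = "example.tls.protocol";

    /** Returns the configured protocol name, or "Default" when nothing is configured. */
    static String resolveProtocol() {
        String configured = System.getProperty(PROTOCOL_PROPERTY);
        return (configured == null || configured.trim().isEmpty()) ? "Default" : configured.trim();
    }

    /** Builds a context for the given name; "Default" is pre-initialized by the JRE. */
    static SSLContext createContext(String protocol) throws Exception {
        SSLContext context = SSLContext.getInstance(protocol);
        if (!"Default".equalsIgnoreCase(protocol)) {
            // null arguments select the JRE's default key managers, trust managers and RNG.
            // A server would pass its own KeyManagers here, which "Default" does not allow:
            // calling init() on the "Default" context throws KeyManagementException.
            context.init(null, null, null);
        }
        return context;
    }

    /** Prints which protocol versions a context of the given name enables by default. */
    static void describe(String label, String protocol) {
        try {
            SSLContext context = createContext(protocol);
            System.out.printf("%-24s context=%-8s enabled=%s%n", label, context.getProtocol(),
                    String.join(",", context.getDefaultSSLParameters().getProtocols()));
        } catch (NoSuchAlgorithmException e) {
            System.out.printf("%-24s not supported by this JRE: %s%n", label, protocol);
        } catch (Exception e) {
            System.out.printf("%-24s failed: %s%n", label, e);
        }
    }

    public static void main(String[] args) {
        describe("hardcoded (before)", "TLSv1");          // the behaviour the issue describes
        describe("configured or fallback", resolveProtocol());
    }
}
```

Run it with and without `-Dexample.tls.protocol=TLSv1.2` to compare the enabled protocol lists; the output depends on the Java version and its `jdk.tls.disabledAlgorithms` setting.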

            People

            • Assignee:
              guus Guus der Kinderen
              Reporter:
              guus Guus der Kinderen
            • Votes:
              0
              Watchers:
              3