Stop using a specific, hardcoded SSL Context.

Description

Openfire (in EncryptionFactory, potentially other places) uses an SSLContext that's TLSv1, hardcoded. This was probably a good, strong choice at the time it was written, but it's starting to become a mediocre choice now.

Openfire should not hardcode the setting - the default setting should be increased.

Interestingly, Java allows you to use a version named 'default' - which probably is going to be something that's deemed appropriate in a particular version of Java.

Openfire should allow the context version to be updated, and should probably use 'default' if no explicit configuration is given.
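The change requested above, sketched as an added example; it is not part of the original report and is not Openfire's code. The class name and the `example.tls.context.protocol` property are hypothetical, chosen only for this illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class ContextProtocolDemo {
    // Hypothetical property name for this example; not an Openfire setting.
    static final String PROP = "example.tls.context.protocol";

    // Before: the context name is fixed at compile time, so protocol
    // selection stays pinned to "TLSv1" no matter which Java runtime is used.
    static SSLContext hardcoded() throws NoSuchAlgorithmException {
        return SSLContext.getInstance("TLSv1");
    }

    // After: use the operator-supplied name, or "Default" when none is set.
    // An unknown name throws NoSuchAlgorithmException instead of silently
    // falling back to a weaker choice.
    static SSLContext configurable() throws NoSuchAlgorithmException {
        String name = System.getProperty(PROP, "Default").trim();
        return SSLContext.getInstance(name);
    }

    // Print which protocol versions an engine from this context would enable.
    static void report(String label, SSLContext ctx) throws Exception {
        // The JRE's "Default" context is already initialized and rejects
        // init(); any other context must be initialized before use. Passing
        // nulls selects the JRE's default key/trust managers and RNG.
        if (!"Default".equalsIgnoreCase(ctx.getProtocol())) {
            ctx.init(null, null, null);
        }
        SSLEngine engine = ctx.createSSLEngine();
        System.out.println(label + " [" + ctx.getProtocol() + "] enables "
                + Arrays.toString(engine.getEnabledProtocols()));
    }

    public static void main(String[] args) throws Exception {
        report("hardcoded", hardcoded());
        report("configurable", configurable());
    }
}
```

Because the "Default" context cannot be re-initialized, a server that loads its own key store would pass a generic name such as `TLS` through the property and call `init()` with its own key and trust managers.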

Environment

None

Activity

Daryl Herzmann 
August 2, 2019 at 8:10 PM

picked onto 4.4 branch

Daryl Herzmann 
August 2, 2019 at 7:53 PM

Testing commit on Ignite and then will backport to 4.4 if OK.

Fixed

Created August 2, 2019 at 2:14 PM
Updated August 2, 2019 at 8:10 PM
Resolved August 2, 2019 at 8:10 PM