[
https://issues.apache.org/jira/browse/CASSANDRA-18624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17747118#comment-17747118
]
Stefan Miklosovic edited comment on CASSANDRA-18624 at 7/25/23 7:58 PM:
------------------------------------------------------------------------
I asked Corretto guys directly and the answer is quite interesting. As I read
it, Corretto is trully a subset but on the other hand they are not supporting
protocols which are considered weak. So we are actually making Cassandra more
secure if we drop the support of the algorithms which are weak and haven't
manage to make it to Corretto.
https://github.com/corretto/amazon-corretto-crypto-provider/issues/315
[~mck] [~jwest] thoughts?
My opinion is that I would ship it but I would not make it the default. We
would default to JREProvider. We might deprecate the usage of in-JRE crypto
provider and we would make it default in 6.0 but that is really just an idea. I
am completely fine with shipping it and not making it default and not deprecate
anything for ever.
was (Author: smiklosovic):
I asked Corretto guys directly and the answer is quite interesting. As I read
it, Corretto is trully a subset but on the other hand they are not supporting
protocols which are considered weak. So we are actually making Cassandra more
secure if we drop the support of the algorithms which are weak and haven't
manage to make it to Corretto.
https://github.com/corretto/amazon-corretto-crypto-provider/issues/315
[~mck] [~jwest] thoughts?
My opinion is that I would ship it but I would not make it the default. We
would default to JREProvider.
> Make Corretto Crypto Provider the Default
> -----------------------------------------
>
> Key: CASSANDRA-18624
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18624
> Project: Cassandra
> Issue Type: Improvement
> Components: Dependencies
> Reporter: Jordan West
> Assignee: Ayushi Singh
> Priority: Normal
> Fix For: 5.x
>
> Attachments: image.png
>
> Time Spent: 28h
> Remaining Estimate: 0h
>
> [Amazon Corretto Crypto Provider|
> https://github.com/corretto/amazon-corretto-crypto-provider] is an
> alternative provider of TLS and cryptographic functions that has significant
> performance benefits for Cassandra. It is Apache 2.0 licensed and has been
> deployed in several existing large fleets.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
