I was looking at the SSL code in CloudStack and noticed that there are about a dozen calls to the SSLContext.getInstance() method. Some of them use the "SSL" protocol while others use "TLS" or "TLSv1". So I'm wondering if it makes sense to expose a configuration setting which specifies an organization's minimum secure protocol level and then use that in all of CloudStack. Is there a need to maintain distinct protocol configurations for each SSL/TLS connection? Here's the usage list today:
plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/XenServerConnectionPool.java:90: javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("TLS");
plugins/network-elements/nicira-nvp/src/com/cloud/network/nicira/NiciraNvpApi.java:555: SSLContext sc = SSLContext.getInstance("SSL");
plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java:42: SSLContext ctx = SSLContext.getInstance("TLS");
plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java:703: SSLContext sslContext = SSLContext.getInstance("SSL");
services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java:71: sslContext = SSLContext.getInstance("TLS");
services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java:94: sslContext = SSLContext.getInstance("TLS");
services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java:236: sslContext = SSLContext.getInstance("SSL", "SunJSSE");
services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapper.java:130: SSLContext sslContext = SSLContext.getInstance("TLSv1");
utils/src/com/cloud/utils/nio/Link.java:430: sslContext = SSLContext.getInstance("TLS");
utils/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java:114: SSLContext context = SSLContext.getInstance("SSL");
vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java:102: javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java:80: javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
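A sketch of the single-setting idea raised above, added here as an example; it is not part of the original post and not CloudStack code. The name passed to SSLContext.getInstance() selects a context implementation and does not by itself pin the protocol versions a connection may negotiate, so the minimum is enforced through SSLParameters. The class name MinProtocolSsl and the ssl.min.protocol property are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/** Hypothetical helper (not CloudStack code): one place that applies a minimum protocol. */
public final class MinProtocolSsl {
    // Ordered weakest to strongest, using the standard JSSE protocol names.
    private static final List<String> ORDER =
            Arrays.asList("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");

    /** Protocols the context supports that are at or above the configured minimum. */
    public static String[] allowedProtocols(SSLContext ctx, String minProtocol) {
        int min = ORDER.indexOf(minProtocol);
        if (min < 0) {
            throw new IllegalArgumentException("Unknown minimum protocol: " + minProtocol);
        }
        List<String> allowed = new ArrayList<>();
        for (String p : ctx.getSupportedSSLParameters().getProtocols()) {
            // Names not in ORDER (for example SSLv2Hello) have index -1 and are dropped.
            if (ORDER.indexOf(p) >= min) {
                allowed.add(p);
            }
        }
        if (allowed.isEmpty()) {
            // Fail closed instead of silently falling back to a weaker protocol.
            throw new IllegalStateException("JVM supports nothing at or above " + minProtocol);
        }
        return allowed.toArray(new String[0]);
    }

    /** Parameters to pass to SSLSocket.setSSLParameters() or SSLEngine.setSSLParameters(). */
    public static SSLParameters parameters(SSLContext ctx, String minProtocol) {
        SSLParameters params = ctx.getDefaultSSLParameters();
        params.setProtocols(allowedProtocols(ctx, minProtocol));
        return params;
    }

    public static void main(String[] args) throws Exception {
        // Assumed setting name; a real deployment would read it from its own configuration.
        String min = System.getProperty("ssl.min.protocol", "TLSv1.2");
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key managers, trust managers and RNG
        System.out.println("Enabled for new connections: "
                + Arrays.toString(parameters(ctx, min).getProtocols()));
    }
}
```

Each call site in the list would obtain its socket or engine as before and apply the returned SSLParameters to it, so the minimum is defined once instead of per getInstance() string.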