[
https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16138274#comment-16138274
]
Jens Borgland commented on IGNITE-6167:
---------------------------------------
[~ilyak], perhaps it's me who's missing something obvious but I cannot really
find a reasonable way of subclassing SSLContext - and getSocketFactory() and
getServerSocketFactory() are both final. I have however created my own
SslContextFactory (in order to set up revocation checking the way I need) and
that part works fine.
> Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled
> TLS protocols and cipher suites
> ------------------------------------------------------------------------------------------------------------
>
> Key: IGNITE-6167
> URL: https://issues.apache.org/jira/browse/IGNITE-6167
> Project: Ignite
> Issue Type: Wish
> Affects Versions: 2.1
> Reporter: Jens Borgland
>
> It would be very useful to be able to, in addition to the
> {{javax.net.ssl.SSLContext}}, either specify a custom
> {{javax.net.ssl.SSLServerSocketFactory}} and a custom
> {{javax.net.ssl.SSLSocketFactory}}, or to be able to at least specify the
> enabled TLS protocols and cipher suites.
> I have noticed that the
> {{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}} has support for
> the latter but I cannot find a way of getting a reference to the filter
> instance. The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as
> far as I can tell.
> Currently (as far as I can tell) there is no way of specifying the enabled
> cipher suites and protocols used by Ignite, without doing it globally for the
> JRE.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
