lukasz-antoniak commented on code in PR #336:
URL: https://github.com/apache/cassandra-sidecar/pull/336#discussion_r3091568403
##########
server/src/main/java/org/apache/cassandra/sidecar/cluster/CQLSessionProviderImpl.java:
##########
@@ -286,41 +277,45 @@ public void close()
* SSL connection, the driver only needs to provide the truststore, while
Cassandra supplies its keystore for
* validation. In the case of an mTLS connection, both the keystore and
truststore are configured on the driver side.
*/
- private SslContext createSslContext(SslConfiguration sslConfiguration)
+ private SSLContext createSslContext(SslConfiguration sslConfiguration)
{
if (sslConfiguration == null || !sslConfiguration.enabled())
{
return null;
}
- SslContextBuilder sslContextBuilder;
try
{
- sslContextBuilder = SslContextBuilder.forClient()
-
.protocols(sslConfiguration.secureTransportProtocols());
+ // TODO: If we wish to explicitly limit allowed SSL protocols,
+ // we need to implement custom DefaultSslEngineFactory and use
SSLEngine.setEnabledProtocols().
+ SSLContext sslContext = SSLContext.getInstance("TLS");
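Review bot: The removed `.protocols(sslConfiguration.secureTransportProtocols())` call has no replacement in this hunk, so after `SSLContext.getInstance("TLS")` the driver connection negotiates whatever protocol versions the JVM enables by default rather than the configured list. The TODO records the gap but leaves it open. Consider either carrying the restriction over in this change, using the custom engine factory and `SSLEngine.setEnabledProtocols()` that the TODO describes, or stating in the method's Javadoc that the configured protocols are not enforced on this path, so an operator who has set them does not assume they still apply.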
Review Comment:
`sslConfiguration.secureTransportProtocols()` refers to the SSL
configuration for Sidecar's HTTP endpoint. Is it intentional to apply it to
the driver configuration also?