On 30.09.2015 11:18, Nikolay Tikhonov wrote:
> SslContextFactory allows to set different encryption protocols (by default
> TLS). I think that just "ssl" confuses users. Might be "ssl\tls=off" more
> acceptable?
SSL is one (rather old) specification of Transport Layer Security (TLS).
These days, you shouldn't be using any version of the SSL protocol; they
all have unfixable security holes.
To be moderately safe, you should implement TLS v1.2 with fallback
allowed to TLS v1.0 but not lower. Even then, certificates should use at
least SHA256, preferably SHA512; SHA1 is no longer considered secure. I
don't recall offhand which ciphers are considered secure, but there
aren't very many of them.
-- Brane
> On Wed, Sep 30, 2015 at 11:53 AM, Dmitriy Setrakyan <
[hidden email]>
> wrote:
>
>> On Wed, Sep 30, 2015 at 10:18 AM, Alexey Goncharuk <
>>
[hidden email]> wrote:
>>
>>> Given that encryption is enabled by setting SslContextFactory, I believe
>>> that SSL is the only option. I am +1 for changing the output.
>>>
>> I changed it and committed to master.
>>
>>
>>> 2015-09-30 10:21 GMT+03:00 Dmitriy Setrakyan <
[hidden email]>:
>>>
>>>> On Wed, Sep 30, 2015 at 8:01 AM, Sergey Kozlov <
[hidden email]>
>>>> wrote:
>>>>
>>>>> On Wed, Sep 30, 2015 at 4:51 AM, Dmitriy Setrakyan <
>>>>
[hidden email]>
>>>>> wrote:
>>>>>
>>>>>> I got the following printout on 1.4 startup:
>>>>>> ---------
>>>>>> Security status [authentication=off, communication encryption=off]
>>>>>> ---------
>>>>>>
>>>>>> Do we mean SSL by "communication encryption"? If yes, shouldn't we
>>> just
>>>>> say
>>>>>> "ssl=off"?
>>>>>
>>>>>> D.
>>>>>>
>>>>> Yes, in that case communication encryption is SSL
>>>>>
>>>> Do we have another case? If not, let's rename to "ssl", shorter and to
>>> the
>>>> point. I think this can be done directly in the master. Any objections?
>>>>
>>>>> --
>>>>> Sergey Kozlov
>>>>>
Locked
