  1. Dev - Nexus Repo
  2. NEXUS-7594

allow configuring https.protocols and https.cipherSuites on Nexus outbound HTTP client connections


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.8, 2.9, 2.10
    • Fix Version/s: 2.11, 3.0.0-m3
    • Component/s: Transport
    • Labels:
      None
    • Story Points:
      2
    • Release Note:
      Yes
    • Sprint:
      Sprint 29, Sprint 30

      Description

      In NEXUS-5526, a change was made to allow javax.net.* system properties to be set on the HTTP Client embedded within Nexus.

      https://github.com/sonatype/nexus-oss/commit/a7eb959b98b769cdfef190348f61e94b385ed32a#diff-35540aaccce768f70470408e7d8a0470

      We have since regressed back to not allowing this:

      https://github.com/sonatype/nexus-oss/commit/6c6507c8daf1cf6110d5f1d63c4d28a25b62c563#diff-35540aaccce768f70470408e7d8a0470

      And the attempt to back out changes did not restore use of the System connection factory method:

      https://github.com/sonatype/nexus-oss/commit/0ab135701ad42b169d8283fb8bddb110a3bd3bf7#diff-35540aaccce768f70470408e7d8a0470

      In Nexus 2.8.0-05 we started including httpclient 4.3.x in Nexus. The httpclient 4.3.x system SSLSocketFactory started honouring https.protocols and https.cipherSuites; however, in 2.8 our regression prevents setting protocols and ciphers on outbound connections from being an option for end users.

      So two problems:

      • it seems we have regressed honouring system properties that influence the outbound http connections
      • we don't expose a way to set https protocol and cipher preferences on Nexus outbound connections (https.protocols / https.cipherSuites)

      Expected

      • make Nexus use the system socket factories provided by http client, so that standard javax.net system properties can influence outbound connections

      http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/conn/ssl/SSLConnectionSocketFactory.html#162
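
Added example (not code from Nexus or HttpClient): a JDK-only check that reads the two system properties named in this issue and applies them to an unconnected client `SSLSocket`, so an administrator can see which protocols and cipher suites a JVM would actually enable for a given setting. It assumes the system socket factory linked above passes the comma-separated property values to the socket in this way; the class name `OutboundTlsCheck` and its helper methods are hypothetical.

```java
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.Arrays;

/** Added example: effect of https.protocols / https.cipherSuites on a client socket. */
public class OutboundTlsCheck {

    /** Split a comma-separated property value; null or blank means "keep JVM defaults". */
    static String[] split(String value) {
        if (value == null || value.trim().isEmpty()) {
            return null;
        }
        return value.trim().split(" *, *");
    }

    /** Apply the overrides to an unconnected socket (no network I/O) and return it. */
    static SSLSocket configure(String[] protocols, String[] cipherSuites) throws Exception {
        SSLSocketFactory jsse = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) jsse.createSocket();
        if (protocols != null) {
            socket.setEnabledProtocols(protocols);       // throws on unsupported names
        }
        if (cipherSuites != null) {
            socket.setEnabledCipherSuites(cipherSuites); // throws on unsupported names
        }
        return socket;
    }

    public static void main(String[] args) throws Exception {
        // Property names are case-sensitive: "https.cipherSuites" has a capital S.
        String[] protocols = split(System.getProperty("https.protocols"));
        String[] ciphers = split(System.getProperty("https.cipherSuites"));
        try (SSLSocket defaults = configure(null, null);
             SSLSocket effective = configure(protocols, ciphers)) {
            System.out.println("JVM default protocols: "
                    + Arrays.toString(defaults.getEnabledProtocols()));
            System.out.println("Effective protocols:   "
                    + Arrays.toString(effective.getEnabledProtocols()));
            System.out.println("Effective cipher suites: "
                    + effective.getEnabledCipherSuites().length + " (JVM default "
                    + defaults.getEnabledCipherSuites().length + ")");
        } catch (IllegalArgumentException e) {
            // A misspelled or unsupported protocol or cipher name is rejected by JSSE.
            System.err.println("Rejected by JSSE: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Running it with, for instance, `-Dhttps.protocols=TLSv1.2` on the same JVM that hosts the application shows whether the value is accepted and what remains enabled.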

              People

              Assignee:
              plynch Peter Lynch
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch