hazelcast / hz-docs

Source content for the Hazelcast Platform documentation

Docs: Feedback for TLS/SSL Basics #1130

Closed srknzl closed 3 weeks ago

srknzl commented 1 month ago

Hi, I have some feedback about this page.

The config for our SSL seems to be wrong in https://docs.hazelcast.com/hazelcast/5.4/security/tls-ssl#tlsssl-for-hazelcast-members. Right now I can reproduce locally that when I use "keystore" and "truststore" in properties, cluster join fails with "javax.net.ssl.SSLHandshakeException: no cipher suites in common", but when I use "keyStore" and "trustStore", it's fixed.

My SSL config:

version1:

```xml
<ssl enabled="true">
    <factory-class-name>
        com.hazelcast.nio.ssl.BasicSSLContextFactory
    </factory-class-name>
    <properties>
        <property name="protocol">TLSv1.2</property>
        <property name="keyStore">/Users/serkan/selfsigned-ssl-certs/server.keystore</property>
        <property name="keyStorePassword">123456</property>
        <property name="keyStoreType">PKCS12</property>
        <property name="trustStore">/Users/serkan/selfsigned-ssl-certs/server.truststore</property>
        <property name="trustStorePassword">123456</property>
        <property name="trustStoreType">PKCS12</property>
    </properties>
</ssl>
```

version2:

```xml
<ssl enabled="true">
    <factory-class-name>
        com.hazelcast.nio.ssl.BasicSSLContextFactory
    </factory-class-name>
    <properties>
        <property name="protocol">TLSv1.2</property>
        <property name="keystore">/Users/serkan/selfsigned-ssl-certs/server.keystore</property>
        <property name="keyStorePassword">123456</property>
        <property name="keyStoreType">PKCS12</property>
        <property name="truststore">/Users/serkan/selfsigned-ssl-certs/server.truststore</property>
        <property name="trustStorePassword">123456</property>
        <property name="trustStoreType">PKCS12</property>
    </properties>
</ssl>
```

srknzl commented 1 month ago

Note: I used hazelcast-enterprise 5.3.7.

kwart commented 4 weeks ago

The issue was introduced by the PR #844. I'll revert it in a new PR.
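
The two configurations in the report differ only in the case of `keyStore` and `trustStore`. As an added example (not part of the issue thread and not Hazelcast's own code), this Python check flags `<ssl>` property names that match a known name only case-insensitively; the accepted spellings are assumed from the reporter's working version1, and the sample XML with its paths and passwords is constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: the spellings in the reporter's working config (version1).
EXPECTED = ("protocol", "keyStore", "keyStorePassword", "keyStoreType",
            "trustStore", "trustStorePassword", "trustStoreType")
_BY_LOWER = {name.lower(): name for name in EXPECTED}


def _local(tag):
    """Strip an XML namespace so namespaced config files also work."""
    return tag.rsplit("}", 1)[-1]


def lint_ssl_properties(xml_text):
    """Return (property_name, message) findings for every <ssl> element."""
    findings = []
    root = ET.fromstring(xml_text)
    for ssl in (e for e in root.iter() if _local(e.tag) == "ssl"):
        seen = set()
        for prop in (e for e in ssl.iter() if _local(e.tag) == "property"):
            name = prop.get("name", "")
            seen.add(name)
            canonical = _BY_LOWER.get(name.lower())
            if canonical and canonical != name:
                findings.append((name, f"wrong case, expected '{canonical}'"))
        # A password or type without its store suggests the store property
        # was misspelled or left out.
        for store in ("keyStore", "trustStore"):
            related = [n for n in seen if n.startswith(store) and n != store]
            if related and store not in seen:
                findings.append((store, "missing, but related settings are present"))
    return findings


# Constructed sample in the shape of the failing "version2" config.
SAMPLE = """<ssl enabled="true">
  <properties>
    <property name="protocol">TLSv1.2</property>
    <property name="keystore">/path/to/server.keystore</property>
    <property name="keyStorePassword">changeit</property>
    <property name="truststore">/path/to/server.truststore</property>
    <property name="trustStorePassword">changeit</property>
  </properties>
</ssl>"""

if __name__ == "__main__":
    for name, message in lint_ssl_properties(SAMPLE):
        print(f"{name}: {message}")
```

Running a check like this against member configuration before deployment surfaces the misspelling directly, instead of as a handshake failure at cluster join.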