jgroup 3.6.4 - use only TLSv1.2

[Koushik Jayakumar]

hi team,

We are using the jgroups 3.6.4 version, and the "TUNNEL" mechanism.

We found that the connection established between nodes has the option of both TLSv1.1 and TLSv1.2, our requirement is to provide only the TLSv1.2.

we have used the nmap command to check this :

nmap -sV --script ssl-enum-ciphers -p <jgroup_port> <node_ip>

Checked this xsd http://www.jgroups.org/schema/jgroups-3.6.xsd - and didnt find an option for SSL protocol version.

So is there any way we can configure jgroup 3.6.4 to use only the specific TLS version. TLSv1.2?

Please let me know.

thanks beforehand for the response.

Regards,
Koushik

[Bela Ban]

Note that 3.6.4 is 8 years old, so I highly recommend an upgrade.

In 3.6.4, we don't support TLS in TUNNEL; if you want this, upgrade to
4.2.x or 5.x.
Regards,

> --
> You received this message because you are subscribed to the Google
> Groups "jgroups-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to jgroups-dev...@googlegroups.com
> <mailto:jgroups-dev...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jgroups-dev/CAGqk3aFyLbYeX0fkiQP73rnwzKyXQVkGQ42euUM_W-zDck3wVQ%40mail.gmail.com <https://groups.google.com/d/msgid/jgroups-dev/CAGqk3aFyLbYeX0fkiQP73rnwzKyXQVkGQ42euUM_W-zDck3wVQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.

--
Bela Ban | http://www.jgroups.org

[koush...@gmail.com]

OK thanks Bela for the quick response. We would consider upgrading it.

[koush...@gmail.com]

hi Bela, 

one follow-up question on this... when the TLS version is not specified (like in this 3.6.4 version), which version will be preferred by jgroup to establish the connection when both the client and server has both TLSv1.1 and TLSv1.2 version available? asking this, as there is a security requirement over the communication that jgroup uses.

[Bela Ban]

On 12.04.23 15:31, koush...@gmail.com wrote:
> hi Bela,
> one follow-up question on this... when the TLS version is not specified
> (like in this 3.6.4 version), which version will be preferred by jgroup
> to establish the connection when both the client and server has both
> TLSv1.1 and TLSv1.2 version available?

None - JGroups 3.x does *not* support TLS

> https://groups.google.com/d/msgid/jgroups-dev/CAGqk3aFyLbYeX0fkiQP73rnwzKyXQVkGQ42euUM_W-zDck3wVQ%40mail.gmail.com <https://groups.google.com/d/msgid/jgroups-dev/CAGqk3aFyLbYeX0fkiQP73rnwzKyXQVkGQ42euUM_W-zDck3wVQ%40mail.gmail.com> <https://groups.google.com/d/msgid/jgroups-dev/CAGqk3aFyLbYeX0fkiQP73rnwzKyXQVkGQ42euUM_W-zDck3wVQ%40mail.gmail.com?utm_medium=email&utm_source=footer <https://groups.google.com/d/msgid/jgroups-dev/CAGqk3aFyLbYeX0fkiQP73rnwzKyXQVkGQ42euUM_W-zDck3wVQ%40mail.gmail.com?utm_medium=email&utm_source=footer>>.
>
> --
> Bela Ban | http://www.jgroups.org <http://www.jgroups.org>

>
> --
> You received this message because you are subscribed to the Google
> Groups "jgroups-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to jgroups-dev...@googlegroups.com
> <mailto:jgroups-dev...@googlegroups.com>.
> To view this discussion on the web visit

> https://groups.google.com/d/msgid/jgroups-dev/da5e3583-0b85-4727-bf11-46d58b55930cn%40googlegroups.com <https://groups.google.com/d/msgid/jgroups-dev/da5e3583-0b85-4727-bf11-46d58b55930cn%40googlegroups.com?utm_medium=email&utm_source=footer>.