VOMS Java APIs select SSLv3 for legacy VOMS requests

XMLWordPrintable

      SSLv3 is the protocol selected for legacy requests:

      https://github.com/italiangrid/voms-api-java/blob/02de2d980cbe0619285864d1056059be399c2f33/src/main/java/org/italiangrid/voms/request/SSLSocketFactoryProvider.java#L72

      Normally this is not a problem, as TLS is selected for the HTTP request.

      If the HTTP endpoint misbehaves (like it happens for the BNL and FNAL VOMS servers that likely have some configuration issues or use an old version
      of the VOMS server where HTTP requests are not handled correctly), the fallback to the legacy protocol stops working on JREs that have SSLv3 disabled.

            Assignee:
            Andrea Ceccanti
            Reporter:
            Andrea Ceccanti
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: