Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change gRPC CipherSuite to be CNSA compliant #215

Closed
nathanklick opened this issue May 15, 2020 · 1 comment
Closed

Change gRPC CipherSuite to be CNSA compliant #215

nathanklick opened this issue May 15, 2020 · 1 comment
Assignees
@qnswirlds @tinker-michaelj @anighanta
Labels
Bug An error that causes the feature to behave differently than what was expected based on design. Impact Potentially impacts SDK, clients, docs and/or users. P1 High priority issue, which must be completed in the milestone otherwise the release is at risk.
Milestone
Hedera 0.7.0

Comments

@nathanklick
Copy link
Member

nathanklick commented May 15, 2020
edited
Loading

The configured gRPC cipher suites allow negotiation of TLS_RSA_WITH_AES_256_GCM_SHA384 which is not a CNSA compliant cipher suite. We should use TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 instead.

NettyServerManager.java (lines 102-105):

List<String> ciphers = Arrays.asList(
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_RSA_WITH_AES_256_GCM_SHA384"
);

Proposed Changes:

List<String> ciphers = Arrays.asList(
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
);
@nathanklick nathanklick added P1 High priority issue, which must be completed in the milestone otherwise the release is at risk. Bug An error that causes the feature to behave differently than what was expected based on design. labels May 15, 2020
@nathanklick nathanklick added this to the Hedera Services 0.6.0 milestone May 15, 2020
@noshmody noshmody removed this from the Hedera Services 0.6.0 milestone May 15, 2020
@noshmody noshmody added this to the Hedera 0.7.0 milestone Jul 20, 2020
@noshmody noshmody added the Impact Potentially impacts SDK, clients, docs and/or users. label Jul 27, 2020
@anighanta
Copy link
Contributor

fixed here

ljianghedera pushed a commit that referenced this issue Aug 1, 2020
@QianSwirlds
Merge pull request #215 from swirlds/214-D-RemoveStateRecoverTest
0cef24c 
remove state recover test
Daniel-K-Ivanov pushed a commit that referenced this issue May 25, 2021
@failfmi
Feature(token): add type and max supply (#1401)
90c8d5d 
* feat(merkle-token): type & max supply (#215)

* Add token type to MerkleToken
* Add max supply to MerkleToken
* Update tests

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat(merkle-token): representation type; inline-docs: token enums (#219)

Signed-off-by: failfmi <oscurocalma@gmail.com>

* fix(merkle-token): merge type and representation

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat: add supply type

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat(token-create): prechecks, store, hapi-fees (#220)

Signed-off-by: failfmi <oscurocalma@gmail.com>
Daniel-K-Ivanov pushed a commit that referenced this issue May 26, 2021
@failfmi
Feature(state-view): TokenInfo types and max supply (#1475)
c15f3d0 
* feat(merkle-token): type & max supply (#215)

* Add token type to MerkleToken
* Add max supply to MerkleToken
* Update tests

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat(token-store-creation): handle type and max supply (#217)

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat(token-create-precheck): check nonfungible initial supply and decimals

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat(fees-token-create): add type and max supply

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat(merkle-token): representation type; inline-docs: token enums (#219)

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat(hapi-fees-token-create): include token representation type

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat(token-create-prechecks): max supply checks

Signed-off-by: failfmi <oscurocalma@gmail.com>

* e2e: non-fungible and max supply tests

Signed-off-by: failfmi <oscurocalma@gmail.com>

* e2e: switch optionals to actual types

Signed-off-by: failfmi <oscurocalma@gmail.com>

* fix(merkle-token): merge type and representation

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat: add supply type

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat(token-create): prechecks, store, hapi-fees (#220)

Signed-off-by: failfmi <oscurocalma@gmail.com>

* feat(state-view): TokenInfo types and max supply (#222)

Signed-off-by: failfmi <oscurocalma@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@qnswirlds qnswirlds

@tinker-michaelj tinker-michaelj

@anighanta anighanta

Labels
Bug An error that causes the feature to behave differently than what was expected based on design. Impact Potentially impacts SDK, clients, docs and/or users. P1 High priority issue, which must be completed in the milestone otherwise the release is at risk.
Projects
None yet
Milestone
Hedera 0.7.0
Development

No branches or pull requests
5 participants
@nathanklick @noshmody @qnswirlds @tinker-michaelj @anighanta