=rem #15779 Deprecate InternetSeedGenerator

akka-docs/rst/project/migration-guide-2.3.x-2.4.x.rst

@@ -167,6 +167,12 @@ Secure Cookies
 
 `Secure cookies` feature was deprecated.
 
+AES128CounterInetRNG and AES256CounterInetRNG are Deprecated
+============================================================
+
+Use ``AES128CounterSecureRNG`` or ``AES256CounterSecureRNG`` as 
+``akka.remote.netty.ssl.security.random-number-generator``. 
+
 Microkernel is Deprecated
 =========================
 

akka-remote/src/main/resources/reference.conf

@@ -507,8 +507,10 @@ akka {
         # "AES128CounterSecureRNG" => fastest startup and based on AES encryption
         # algorithm
         # "AES256CounterSecureRNG"
-        # The following use one of 3 possible seed sources, depending on
+        #
-        # availability: /dev/random, random.org and SecureRandom (provided by Java)
+        # The following are deprecated in Akka 2.4. They use one of 3 possible
+        # seed sources, depending on availability: /dev/random, random.org and 
+        # SecureRandom (provided by Java)
         # "AES128CounterInetRNG"
         # "AES256CounterInetRNG" (Install JCE Unlimited Strength Jurisdiction
         # Policy Files first)

akka-remote/src/main/scala/akka/remote/security/provider/AES128CounterInetRNG.scala

@@ -13,6 +13,7 @@ import SeedSize.Seed128
  * Depending on availability: random.org, /dev/random, and SecureRandom (provided by Java)
  * The only method used by netty ssl is engineNextBytes(bytes)
  */
+@deprecated("Use AES128CounterSecureRNG instead", "2.4")
 class AES128CounterInetRNG extends java.security.SecureRandomSpi {
   private val rng = new AESCounterRNG(engineGenerateSeed(Seed128))
 

akka-remote/src/main/scala/akka/remote/security/provider/AES256CounterInetRNG.scala

@@ -13,6 +13,7 @@ import SeedSize.Seed256
  * Depending on availability: random.org, /dev/random, and SecureRandom (provided by Java)
  * The only method used by netty ssl is engineNextBytes(bytes)
  */
+@deprecated("Use AES256CounterSecureRNG instead", "2.4")
 class AES256CounterInetRNG extends java.security.SecureRandomSpi {
   private val rng = new AESCounterRNG(engineGenerateSeed(Seed256))
 

akka-remote/src/main/scala/akka/remote/security/provider/InternetSeedGenerator.scala

@@ -25,6 +25,7 @@ import scala.collection.immutable
  * current operating environment.
  * @author Daniel Dyer
  */
+@deprecated("Use another seed generator instead", "2.4")
 object InternetSeedGenerator {
   /**
    * @return The singleton instance of this class.

akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala

@@ -67,16 +67,20 @@ private[akka] object NettySSLSupport {
 
   def initializeCustomSecureRandom(rngName: Option[String], log: LoggingAdapter): SecureRandom = {
     val rng = rngName match {
-      case Some(r @ ("AES128CounterSecureRNG" | "AES256CounterSecureRNG" | "AES128CounterInetRNG" | "AES256CounterInetRNG")) ⇒
+      case Some(r @ ("AES128CounterSecureRNG" | "AES256CounterSecureRNG")) ⇒
         log.debug("SSL random number generator set to: {}", r)
         SecureRandom.getInstance(r, AkkaProvider)
+      case Some(r @ ("AES128CounterInetRNG" | "AES256CounterInetRNG")) ⇒
+        log.warning("SSL random number generator {} is deprecated, " +
+          "use AES128CounterSecureRNG or AES256CounterSecureRNG instead", r)
+        SecureRandom.getInstance(r, AkkaProvider)
       case Some(s @ ("SHA1PRNG" | "NativePRNG")) ⇒
         log.debug("SSL random number generator set to: " + s)
         // SHA1PRNG needs /dev/urandom to be the source on Linux to prevent problems with /dev/random blocking
         // However, this also makes the seed source insecure as the seed is reused to avoid blocking (not a problem on FreeBSD).
         SecureRandom.getInstance(s)
       case Some(unknown) ⇒
-        log.debug("Unknown SSLRandomNumberGenerator [{}] falling back to SecureRandom", unknown)
+        log.warning("Unknown SSLRandomNumberGenerator [{}] falling back to SecureRandom", unknown)
         new SecureRandom
       case None ⇒
         log.debug("SSLRandomNumberGenerator not specified, falling back to SecureRandom")