=rem #15779 Deprecate InternetSeedGenerator
This commit is contained in:
Patrik Nordwall
parent
e19d3cb3e8
commit
e66a7fadfd
6 changed files with 19 additions and 4 deletions
|
|
@ -167,6 +167,12 @@ Secure Cookies
|
|||
|
||||
`Secure cookies` feature was deprecated.
|
||||
|
||||
AES128CounterInetRNG and AES256CounterInetRNG are Deprecated
|
||||
============================================================
|
||||
|
||||
Use ``AES128CounterSecureRNG`` or ``AES256CounterSecureRNG`` as
|
||||
``akka.remote.netty.ssl.security.random-number-generator``.
|
||||
|
||||
Microkernel is Deprecated
|
||||
=========================
|
||||
|
||||
|
|
|
|||
|
|
@ -507,8 +507,10 @@ akka {
|
|||
# "AES128CounterSecureRNG" => fastest startup and based on AES encryption
|
||||
# algorithm
|
||||
# "AES256CounterSecureRNG"
|
||||
# The following use one of 3 possible seed sources, depending on
|
||||
# availability: /dev/random, random.org and SecureRandom (provided by Java)
|
||||
#
|
||||
# The following are deprecated in Akka 2.4. They use one of 3 possible
|
||||
# seed sources, depending on availability: /dev/random, random.org and
|
||||
# SecureRandom (provided by Java)
|
||||
# "AES128CounterInetRNG"
|
||||
# "AES256CounterInetRNG" (Install JCE Unlimited Strength Jurisdiction
|
||||
# Policy Files first)
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import SeedSize.Seed128
|
|||
* Depending on availability: random.org, /dev/random, and SecureRandom (provided by Java)
|
||||
* The only method used by netty ssl is engineNextBytes(bytes)
|
||||
*/
|
||||
@deprecated("Use AES128CounterSecureRNG instead", "2.4")
|
||||
class AES128CounterInetRNG extends java.security.SecureRandomSpi {
|
||||
private val rng = new AESCounterRNG(engineGenerateSeed(Seed128))
|
||||
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import SeedSize.Seed256
|
|||
* Depending on availability: random.org, /dev/random, and SecureRandom (provided by Java)
|
||||
* The only method used by netty ssl is engineNextBytes(bytes)
|
||||
*/
|
||||
@deprecated("Use AES256CounterSecureRNG instead", "2.4")
|
||||
class AES256CounterInetRNG extends java.security.SecureRandomSpi {
|
||||
private val rng = new AESCounterRNG(engineGenerateSeed(Seed256))
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import scala.collection.immutable
|
|||
* current operating environment.
|
||||
* @author Daniel Dyer
|
||||
*/
|
||||
@deprecated("Use another seed generator instead", "2.4")
|
||||
object InternetSeedGenerator {
|
||||
/**
|
||||
* @return The singleton instance of this class.
|
||||
|
|
|
|||
|
|
@ -67,16 +67,20 @@ private[akka] object NettySSLSupport {
|
|||
|
||||
def initializeCustomSecureRandom(rngName: Option[String], log: LoggingAdapter): SecureRandom = {
|
||||
val rng = rngName match {
|
||||
case Some(r @ ("AES128CounterSecureRNG" | "AES256CounterSecureRNG" | "AES128CounterInetRNG" | "AES256CounterInetRNG")) ⇒
|
||||
case Some(r @ ("AES128CounterSecureRNG" | "AES256CounterSecureRNG")) ⇒
|
||||
log.debug("SSL random number generator set to: {}", r)
|
||||
SecureRandom.getInstance(r, AkkaProvider)
|
||||
case Some(r @ ("AES128CounterInetRNG" | "AES256CounterInetRNG")) ⇒
|
||||
log.warning("SSL random number generator {} is deprecated, " +
|
||||
"use AES128CounterSecureRNG or AES256CounterSecureRNG instead", r)
|
||||
SecureRandom.getInstance(r, AkkaProvider)
|
||||
case Some(s @ ("SHA1PRNG" | "NativePRNG")) ⇒
|
||||
log.debug("SSL random number generator set to: " + s)
|
||||
// SHA1PRNG needs /dev/urandom to be the source on Linux to prevent problems with /dev/random blocking
|
||||
// However, this also makes the seed source insecure as the seed is reused to avoid blocking (not a problem on FreeBSD).
|
||||
SecureRandom.getInstance(s)
|
||||
case Some(unknown) ⇒
|
||||
log.debug("Unknown SSLRandomNumberGenerator [{}] falling back to SecureRandom", unknown)
|
||||
log.warning("Unknown SSLRandomNumberGenerator [{}] falling back to SecureRandom", unknown)
|
||||
new SecureRandom
|
||||
case None ⇒
|
||||
log.debug("SSLRandomNumberGenerator not specified, falling back to SecureRandom")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue