[MGNLADVCACHE-62] URLConnectionBuilder cannot be configured for more secure protocol Created: 30/Oct/15  Updated: 15/Apr/16  Resolved: 27/Nov/15

Status: Closed
Project: Advanced Cache
Component/s: core
Affects Version/s: 1.7.1
Fix Version/s: None

Type: Improvement Priority: Critical
Reporter: Richard Gange Assignee: Roman Kovařík
Resolution: Workaround exists Votes: 0
Labels: security, support
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
causality
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:
Visible to:
Sathyaprakash rao
Sprint: Kromeriz 20
Story Points: 5

 Description   

Currently info.magnolia.module.advancedcache.util.URLConnectionBuilder cannot be configured for any of the more secure protocol options.

This creates an issue for customers that wish to use Dynamic Page Caching and adhere to the security standards mandated by the company. DPC relies on URLConnectionBuilder inside info.magnolia.sitemesh.content.InjectUrlTag. If the sever is configured to only accept secure connections then the requests made for the dynamic pieces are blocked.



 Comments   
Comment by Roman Kovařík [ 27/Nov/15 ]

We'll not fix this issue since java7 has reached its EOL (https://java.com/en/download/faq/java_7.xml).
Everybody who wants to use TLS1.2 has to upgrade to java8.

Generated at Sun Feb 11 23:10:38 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.