From 5a2e71098793be75cc5b2c8984e99ad3651eba40 Mon Sep 17 00:00:00 2001
From: "shutian.lzh" <shutian.lzh@alibaba-inc.com>
Date: Fri, 1 Dec 2017 19:52:30 +0800
Subject: [PATCH] [ROCKETMQ-315] Enhance TLS default settings

Author: shutian.lzh <shutian.lzh@alibaba-inc.com>

Closes #194 from lizhanhui/tls_enhance_defaults.
---
 .../src/main/java/org/apache/rocketmq/broker/BrokerStartup.java | 2 +-
 .../org/apache/rocketmq/remoting/netty/NettySystemConfig.java   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java b/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java
index e9237b67..a066652d 100644
--- a/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java
+++ b/broker/src/main/java/org/apache/rocketmq/broker/BrokerStartup.java
@@ -98,7 +98,7 @@ public class BrokerStartup {
             final BrokerConfig brokerConfig = new BrokerConfig();
             final NettyServerConfig nettyServerConfig = new NettyServerConfig();
             final NettyClientConfig nettyClientConfig = new NettyClientConfig();
-            nettyClientConfig.setUseTLS(NettySystemConfig.sslMode != SslMode.DISABLED);
+            nettyClientConfig.setUseTLS(NettySystemConfig.sslMode == SslMode.ENFORCING);
             nettyServerConfig.setListenPort(10911);
             final MessageStoreConfig messageStoreConfig = new MessageStoreConfig();
 
diff --git a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java
index 28a7f275..b9c1f3fa 100644
--- a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java
+++ b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettySystemConfig.java
@@ -57,7 +57,7 @@ public class NettySystemConfig {
      * </ol>
      */
     public static SslMode sslMode = //
-        SslMode.parse(System.getProperty(ORG_APACHE_ROCKETMQ_REMOTING_SSL_MODE, "disabled"));
+        SslMode.parse(System.getProperty(ORG_APACHE_ROCKETMQ_REMOTING_SSL_MODE, "permissive"));
 
     public static String sslConfigFile = //
         System.getProperty(ORG_APACHE_ROCKETMQ_REMOTING_SSL_CONFIG_FILE, "/etc/rocketmq/ssl.properties");
-- 
GitLab