Keith Wall

For the Kubernetes case, oauth-proxy currently supports a single source of the trust (from SSL_CERT_DIR environment variable) which currently supports a single directory (this is due to change in [Go...

I raised a PR against oauth2-proxy (https://github.com/oauth2-proxy/oauth2-proxy/pull/645) so it can support an alternative source of provider trust. If this gets incorporated, I will follow up with a change to the...

No, log4j2 is not used by EnMasse. EnMasse's java components use Logback. Apache Dispatch Router is not Java, and Artemis uses the JBoss Logging framework https://activemq.apache.org/components/artemis/documentation/latest/logging.html

+1 from me too.

@lulf I think the question is about the ability to turn off of insecure ciphers within a protocol version (TLS 1.2 in this case).

Having just talked to @rgodfrey I understand the (slight) difficultly in implementing a whitelist/blacklist is that that the Broker (Java) uses different cipher suite naming to that of the Dispatch...

I notice that for Java, there is a io.netty.handler.ssl.CipherSuiteConverter which is capable of converting between OpenSSL names and Java ones (=IANA names?). We could add cipher suite white and black...

Purge will be implemented by #3320

My suspicion is that it is the call to 'redeem endpoint' (the token endpoint) make by oauth-proxy is hanging during. I notice that the HTTP call made by it has...

I see that the Broker is loading the JVM's default logging.properties of the JVM rather than the logging.properties provided the broker-plugin. I have not yet worked out what caused the...