Mario Emmenlauer
2017-04-18 20:07:41 UTC
I've found two "troubles" with TSSLTransportParameters, one that I could
solve and one that is not so fortunate, see below:

I'm reporting the less troublesome issue just in case somebody else may
profit from my finding: In the Java example, the TSSLTransportParameters
have "only" setKeyStore(). This alone was not sufficient for me, I needed
to also set a corresponding truststore with setTrustStore(), otherwise the
C++ client would abort the SSL connection with an "unknown certificate".
I generated my keys as outlined in https://thrift.apache.org/test/keys and
use the Java Server example from https://thrift.apache.org/tutorial/java.
The C++ client from the test directory would not work unless setTrustStore()
is added to the Server. Or maybe I'm doing something wrong?

The other issue with TSSLTransportParameters() is that I'm unable to find
examples of how the SSL protocol should work. I found lots of docs on openssl
and protocols, but they mention at least various versions of SSL and TLS.
TSSLTransportParameters uses a string, and it seems "TLS" is the default?
What is valid? Can I specify SSLv3, or a list of protocols?

All the best,
Mario Emmenlauer
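
Added example, not part of the original post or of the Thrift sources: on the assumption that the Java library hands the TSSLTransportParameters protocol string to JSSE's `SSLContext.getInstance()`, this JDK-only probe reports which candidate names the local JVM accepts and which protocol versions a context created under each name enables by default. The class name `ProtocolProbe` and the candidate strings are constructed for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

public class ProtocolProbe {
    // Constructed candidates; the last one mimics a comma-separated "list".
    static final String[] CANDIDATES = {
        "TLS", "TLSv1.2", "TLSv1.3", "SSLv3", "TLSv1.2,TLSv1.3"
    };

    /**
     * Returns the protocol versions enabled by default for a context created
     * under this name, or null if the JSSE provider rejects the name.
     */
    static String[] enabledFor(String name) throws Exception {
        SSLContext ctx;
        try {
            ctx = SSLContext.getInstance(name);
        } catch (NoSuchAlgorithmException e) {
            return null; // not a name this JVM knows
        }
        // Default key and trust managers are enough to inspect parameters.
        ctx.init(null, null, null);
        return ctx.getDefaultSSLParameters().getProtocols();
    }

    public static void main(String[] args) throws Exception {
        // Versions listed here are filtered out even if the name is accepted.
        System.out.println("jdk.tls.disabledAlgorithms = "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));
        for (String name : CANDIDATES) {
            String[] enabled = enabledFor(name);
            System.out.println(name + " -> "
                + (enabled == null ? "rejected" : Arrays.toString(enabled)));
        }
    }
}
```

Run it on the same JVM that hosts the server, since the accepted names and the enabled versions depend on the JDK release and its `java.security` settings.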