diff options
| author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-11-08 09:08:47 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-08 09:08:47 +0100 |
| commit | 45f87da3b6d87af0be509e0ca25a152dcc061d1c (patch) | |
| tree | 4ae85a21406ee082868801a6b87eb96a7d3099c8 | |
| parent | a6aede7c79dcda9bee20174296b9673d9e0b32b1 (diff) | |
| parent | ed5756b6ebedbfda40adae2a7643f2969074c74b (diff) | |
Merge pull request #19876 from vespa-engine/jdk17-zookeeper-server
JDK 17: verify cipher suites depending on JDK version.
| -rw-r--r-- | zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java index d2361853436..305e7b828b1 100644 --- a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java +++ b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java @@ -175,18 +175,28 @@ public class ConfiguratorTest { validateConfigFile(cfgFile, expected); } + private String cipherSuites() { + // TODO: Remove when Vespa is only built with JDK 17 + int jdkVersion = Integer.parseInt(System.getProperty("java.version").split("\\.")[0]); + if (jdkVersion < 12) + return "TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"; + + return "TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256," + + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256," + + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; + } + private String tlsQuorumConfig() { return "ssl.quorum.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider\n" + - "ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n" + + "ssl.quorum.ciphersuites=" + cipherSuites() + "\n" + "ssl.quorum.enabledProtocols=TLSv1.2\n" + "ssl.quorum.clientAuth=NEED\n"; } private String tlsClientServerConfig() { return "ssl.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider\n" + - "ssl.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n" + + "ssl.ciphersuites=" + cipherSuites() + "\n" + "ssl.enabledProtocols=TLSv1.2\n" + "ssl.clientAuth=NEED\n"; } |