diff options
| author | gjoranv <gv@verizonmedia.com> | 2021-11-04 21:03:36 +0100 |
|---|---|---|
| committer | gjoranv <gv@verizonmedia.com> | 2021-11-04 21:31:54 +0100 |
| commit | ed5756b6ebedbfda40adae2a7643f2969074c74b (patch) | |
| tree | 76c8deeee778052dc8a14a847fcc20f80e6fb707 | |
| parent | 233e8de27b28515a3c8afbf865e6f8bb9139b5fe (diff) | |
JDK 17: verify cipher suites depending on JDK version.
| -rw-r--r-- | zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java index d2361853436..305e7b828b1 100644 --- a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java +++ b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java @@ -175,18 +175,28 @@ public class ConfiguratorTest { validateConfigFile(cfgFile, expected); } + private String cipherSuites() { + // TODO: Remove when Vespa is only built with JDK 17 + int jdkVersion = Integer.parseInt(System.getProperty("java.version").split("\\.")[0]); + if (jdkVersion < 12) + return "TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"; + + return "TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256," + + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256," + + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; + } + private String tlsQuorumConfig() { return "ssl.quorum.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider\n" + - "ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n" + + "ssl.quorum.ciphersuites=" + cipherSuites() + "\n" + "ssl.quorum.enabledProtocols=TLSv1.2\n" + "ssl.quorum.clientAuth=NEED\n"; } private String tlsClientServerConfig() { return "ssl.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider\n" + - "ssl.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n" + + "ssl.ciphersuites=" + cipherSuites() + "\n" + "ssl.enabledProtocols=TLSv1.2\n" + "ssl.clientAuth=NEED\n"; } |