diff options
| author | Harald Musum <musum@verizonmedia.com> | 2019-11-20 16:29:37 +0100 |
|---|---|---|
| committer | Harald Musum <musum@verizonmedia.com> | 2019-11-20 16:29:37 +0100 |
| commit | 130a6f945e84adddb531bb76a6693e3b01b46cd0 (patch) | |
| tree | 90eb34d753d8aa32c7764750fc8c1ca613d7b127 /zookeeper-server | |
| parent | 4d6ddae6ddb47451bc8bf473c9edab4aa47d6df2 (diff) | |
Remove cipher suite not supported by Java
Diffstat (limited to 'zookeeper-server')
2 files changed, 10 insertions, 2 deletions
diff --git a/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java b/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java index ed8be3ad7f4..8b880ba6a97 100644 --- a/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java +++ b/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java @@ -25,6 +25,7 @@ import java.nio.file.Path; import java.nio.file.Paths; import java.security.PrivateKey; import java.security.cert.X509Certificate; +import java.util.HashSet; import java.util.List; import java.util.Optional; import java.util.Set; @@ -122,7 +123,7 @@ public class VespaZooKeeperServerImpl extends AbstractComponent implements Runna // Common config sb.append("ssl.quorum.hostnameVerification=false\n"); sb.append("ssl.quorum.clientAuth=NEED\n"); - sb.append("ssl.quorum.ciphersuites=").append(String.join(",", new TreeSet<>(TlsContext.ALLOWED_CIPHER_SUITES))).append("\n"); + sb.append("ssl.quorum.ciphersuites=").append(String.join(",", getCipherSuites())).append("\n"); sb.append("ssl.quorum.enabledProtocols=").append(String.join(",", new TreeSet<>(TlsContext.ALLOWED_PROTOCOLS))).append("\n"); sb.append("ssl.quorum.protocol=TLS\n"); @@ -162,6 +163,13 @@ public class VespaZooKeeperServerImpl extends AbstractComponent implements Runna return sb.toString(); } + private TreeSet<String> getCipherSuites() { + Set<String> cipherSuites = new HashSet<>(TlsContext.ALLOWED_CIPHER_SUITES); + // Remove cipher suite not supported by Java + cipherSuites.remove("TLS_CHACHA20_POLY1305_SHA256"); + return new TreeSet<>(cipherSuites); + } + private void writeMyIdFile(ZookeeperServerConfig config) throws IOException { if (config.server().size() > 1) { try (FileWriter writer = new FileWriter(getDefaults().underVespaHome(config.myidFile()))) { diff --git a/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java b/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java index 953a85aeaaf..1f995655fd1 100644 --- a/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java +++ b/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java @@ -204,7 +204,7 @@ public class VespaZooKeeperServerImplTest { private String commonTlsConfig() { return "ssl.quorum.hostnameVerification=false\n" + "ssl.quorum.clientAuth=NEED\n" + - "ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n" + + "ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n" + "ssl.quorum.enabledProtocols=TLSv1.2\n" + "ssl.quorum.protocol=TLS\n"; } |