diff options
author | Harald Musum <musum@verizonmedia.com> | 2019-11-21 08:17:54 +0100 |
---|---|---|
committer | Harald Musum <musum@verizonmedia.com> | 2019-11-21 08:17:54 +0100 |
commit | f50320c26942304629d79c80cdc6776f4c486f7e (patch) | |
tree | 446122ef06eca481248d100f145a9868049e440c /zookeeper-server | |
parent | 05377eb166b3d310774545fdd35172991dba9390 (diff) |
Remove more cipher suites not supported by Java 11 from set configured for use by ZooKeeper
Diffstat (limited to 'zookeeper-server')
2 files changed, 5 insertions, 2 deletions
diff --git a/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java b/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java index 8b880ba6a97..fe4a3170954 100644 --- a/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java +++ b/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java @@ -165,8 +165,11 @@ public class VespaZooKeeperServerImpl extends AbstractComponent implements Runna private TreeSet<String> getCipherSuites() { Set<String> cipherSuites = new HashSet<>(TlsContext.ALLOWED_CIPHER_SUITES); - // Remove cipher suite not supported by Java + // Remove cipher suites not supported by Java 11 cipherSuites.remove("TLS_CHACHA20_POLY1305_SHA256"); + cipherSuites.remove("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); + cipherSuites.remove("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"); + cipherSuites.remove("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"); return new TreeSet<>(cipherSuites); } diff --git a/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java b/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java index 1f995655fd1..64feec7b9ed 100644 --- a/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java +++ b/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java @@ -204,7 +204,7 @@ public class VespaZooKeeperServerImplTest { private String commonTlsConfig() { return "ssl.quorum.hostnameVerification=false\n" + "ssl.quorum.clientAuth=NEED\n" + - "ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n" + + "ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n" + "ssl.quorum.enabledProtocols=TLSv1.2\n" + "ssl.quorum.protocol=TLS\n"; } |