Remove more cipher suites not supported by Java 11 from set configured for use by ZooKeeper

author: Harald Musum <musum@verizonmedia.com> 2019-11-21 08:17:54 +0100
committer: Harald Musum <musum@verizonmedia.com> 2019-11-21 08:17:54 +0100
commit: f50320c26942304629d79c80cdc6776f4c486f7e (patch)
tree: 446122ef06eca481248d100f145a9868049e440c /zookeeper-server
parent: 05377eb166b3d310774545fdd35172991dba9390 (diff)
2 files changed, 5 insertions, 2 deletions
diff --git a/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java b/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java
index 8b880ba6a97..fe4a3170954 100644
--- a/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java
+++ b/zookeeper-server/zookeeper-server-3.5/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java
@@ -165,8 +165,11 @@ public class VespaZooKeeperServerImpl extends AbstractComponent implements Runna
 
     private TreeSet<String> getCipherSuites() {
         Set<String> cipherSuites = new HashSet<>(TlsContext.ALLOWED_CIPHER_SUITES);
-        // Remove cipher suite not supported by Java
+        // Remove cipher suites not supported by Java 11
         cipherSuites.remove("TLS_CHACHA20_POLY1305_SHA256");
+        cipherSuites.remove("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
+        cipherSuites.remove("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256");
+        cipherSuites.remove("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256");
         return new TreeSet<>(cipherSuites);
     }
 
diff --git a/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java b/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java
index 1f995655fd1..64feec7b9ed 100644
--- a/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java
+++ b/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java
@@ -204,7 +204,7 @@ public class VespaZooKeeperServerImplTest {
     private String commonTlsConfig() {
         return "ssl.quorum.hostnameVerification=false\n" +
                "ssl.quorum.clientAuth=NEED\n" +
-               "ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n" +
+               "ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n" +
                "ssl.quorum.enabledProtocols=TLSv1.2\n" +
                "ssl.quorum.protocol=TLS\n";
     }
author	Harald Musum <musum@verizonmedia.com>	2019-11-21 08:17:54 +0100
committer	Harald Musum <musum@verizonmedia.com>	2019-11-21 08:17:54 +0100
commit	f50320c26942304629d79c80cdc6776f4c486f7e (patch)
tree	446122ef06eca481248d100f145a9868049e440c /zookeeper-server
parent	05377eb166b3d310774545fdd35172991dba9390 (diff)