This is an automated email from the ASF dual-hosted git repository. cshannon pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/accumulo.git
The following commit(s) were added to refs/heads/main by this push: new 61dc5ad6a4 Bump default Accumulo RPC client to TLSv1.3 (#3792) 61dc5ad6a4 is described below commit 61dc5ad6a4983abaf107e94321f3a37e37375267 Author: Christopher L. Shannon <christopher.l.shan...@gmail.com> AuthorDate: Fri Oct 6 18:15:04 2023 -0400 Bump default Accumulo RPC client to TLSv1.3 (#3792) This commit also sets TLSv1.3 to the list of accepted protocols for the RPC server and Monitor server. This closes #3786 --------- Co-authored-by: Christopher Tubbs <ctubb...@apache.org> --- core/src/main/java/org/apache/accumulo/core/conf/Property.java | 6 +++--- .../main/java/org/apache/accumulo/test/functional/MonitorSslIT.java | 2 +- .../main/java/org/apache/accumulo/test/functional/ReadWriteIT.java | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java index b02b919138..a4b627068c 100644 --- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java +++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java @@ -77,9 +77,9 @@ public enum Property { "1.6.0"), RPC_SSL_CIPHER_SUITES("rpc.ssl.cipher.suites", "", PropertyType.STRING, "Comma separated list of cipher suites that can be used by accepted connections", "1.6.1"), - RPC_SSL_ENABLED_PROTOCOLS("rpc.ssl.server.enabled.protocols", "TLSv1.2", PropertyType.STRING, + RPC_SSL_ENABLED_PROTOCOLS("rpc.ssl.server.enabled.protocols", "TLSv1.3", PropertyType.STRING, "Comma separated list of protocols that can be used to accept connections", "1.6.2"), - RPC_SSL_CLIENT_PROTOCOL("rpc.ssl.client.protocol", "TLSv1.2", PropertyType.STRING, + RPC_SSL_CLIENT_PROTOCOL("rpc.ssl.client.protocol", "TLSv1.3", PropertyType.STRING, "The protocol used to connect to a secure server, must be in the list of enabled protocols " + "on the server side (rpc.ssl.server.enabled.protocols)", "1.6.2"), 
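Review bot: The new `"TLSv1.3"` default for `rpc.ssl.server.enabled.protocols` replaces `TLSv1.2` rather than being added beside it, so a server running on defaults will presumably refuse peers that can only offer TLS 1.2, for example older clients whose `rpc.ssl.client.protocol` still defaults to `TLSv1.2` during a mixed-version upgrade. The description strings do not mention this, and the commit message ("sets TLSv1.3 to the list of accepted protocols") reads as if the value were additive. I would extend the description, e.g. `"Comma separated list of protocols that can be used to accept connections. The default accepts TLSv1.3 only; add TLSv1.2 explicitly if older peers must still connect"`. The same applies to `monitor.ssl.include.protocols` in the second Property.java hunk, whose context line also carries the typo "comma-separate". The enum body continues outside both hunks, and how these values reach the TLS layer is not visible here.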
@@ -797,7 +797,7 @@ public enum Property { "A comma-separated list of disallowed SSL Ciphers, see" + " monitor.ssl.include.ciphers to allow ciphers", "1.6.1"), - MONITOR_SSL_INCLUDE_PROTOCOLS("monitor.ssl.include.protocols", "TLSv1.2", PropertyType.STRING, + MONITOR_SSL_INCLUDE_PROTOCOLS("monitor.ssl.include.protocols", "TLSv1.3", PropertyType.STRING, "A comma-separate list of allowed SSL protocols", "1.5.3"), MONITOR_LOCK_CHECK_INTERVAL("monitor.lock.check.interval", "5s", PropertyType.TIMEDURATION, "The amount of time to sleep between checking for the Monitor ZooKeeper lock", "1.5.1"), diff --git a/test/src/main/java/org/apache/accumulo/test/functional/MonitorSslIT.java b/test/src/main/java/org/apache/accumulo/test/functional/MonitorSslIT.java index 5457b17612..ec3b2ebbff 100644 --- a/test/src/main/java/org/apache/accumulo/test/functional/MonitorSslIT.java +++ b/test/src/main/java/org/apache/accumulo/test/functional/MonitorSslIT.java @@ -62,7 +62,7 @@ public class MonitorSslIT extends ConfigurableMacBase { @BeforeAll public static void initHttps() throws NoSuchAlgorithmException, KeyManagementException { - SSLContext ctx = SSLContext.getInstance("TLSv1.2"); + SSLContext ctx = SSLContext.getInstance("TLSv1.3"); TrustManager[] tm = {new TestTrustManager()}; ctx.init(new KeyManager[0], tm, RANDOM.get()); SSLContext.setDefault(ctx); diff --git a/test/src/main/java/org/apache/accumulo/test/functional/ReadWriteIT.java b/test/src/main/java/org/apache/accumulo/test/functional/ReadWriteIT.java index 84aa32fa5f..e601638ae0 100644 --- a/test/src/main/java/org/apache/accumulo/test/functional/ReadWriteIT.java +++ b/test/src/main/java/org/apache/accumulo/test/functional/ReadWriteIT.java 
@@ -154,7 +154,7 @@ public class ReadWriteIT extends AccumuloClusterHarness { if (monitorSslKeystore != null && !monitorSslKeystore.isEmpty()) { log.info( "Using HTTPS since monitor ssl keystore configuration was observed in accumulo configuration"); - SSLContext ctx = SSLContext.getInstance("TLSv1.2"); + var ctx = SSLContext.getInstance(Property.RPC_SSL_CLIENT_PROTOCOL.getDefaultValue()); TrustManager[] tm = {new TestTrustManager()}; ctx.init(new KeyManager[0], tm, RANDOM.get()); SSLContext.setDefault(ctx);
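Review bot: The SSLContext for the monitor HTTPS check is now built from `Property.RPC_SSL_CLIENT_PROTOCOL.getDefaultValue()`, which is the RPC client default and not anything the monitor is configured with. The test therefore follows an unrelated property, and it ignores a cluster whose `monitor.ssl.include.protocols` differs from the default, even though the keystore check just above reads the observed configuration. The MonitorSslIT hunk hard-codes `"TLSv1.3"` instead, so the two tests now choose the protocol in different ways. If the intent is only "whatever the monitor accepts", `var ctx = SSLContext.getInstance("TLS");` lets the JDK negotiate among its enabled versions; otherwise a comment such as `// monitor and RPC client share the TLSv1.3 default; RPC default used as a stand-in` would record the coupling. The enclosing method starts and ends outside the hunk, and the unchanged `SSLContext.setDefault(ctx)` with `TestTrustManager` (whose checks are not shown) replaces the JVM-wide default, so it is worth confirming this stays confined to test code.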