This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch atlas-2.5 in repository https://gitbox.apache.org/repos/asf/atlas.git
commit 538f43cc14095493f7652afaedc4faaf9b165f19 Author: chaitalicod <36201417+chaitali...@users.noreply.github.com> AuthorDate: Mon Jun 23 12:33:33 2025 +0530 ATLAS-5047: ATLAS- Support TLS 1.3 (#364) Co-authored-by: chaitalithombare <chaitalithomb...@apache.org> (cherry picked from commit 7502cec2e3857ac67f2cc90df352fd03157ee168) --- .../java/org/apache/atlas/security/SecurityProperties.java | 3 +++ .../org/apache/atlas/web/service/SecureEmbeddedServer.java | 14 ++++++++++++++ 2 files changed, 17 insertions(+)
diff --git a/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java b/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java
index c53c80acb..5bfbe8915 100644
--- a/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java
+++ b/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java
@@ -40,9 +40,12 @@ public final class SecurityProperties {
 public static final String SSL_CLIENT_PROPERTIES = "ssl-client.xml";
 public static final String BIND_ADDRESS = "atlas.server.bind.address";
 public static final String ATLAS_SSL_EXCLUDE_CIPHER_SUITES = "atlas.ssl.exclude.cipher.suites";
+ public static final String ATLAS_SSL_ENABLED_ALGORITHMS = "atlas.ssl.enabled.algorithms";
 public static final List<String> DEFAULT_CIPHER_SUITES = Arrays.asList(".*NULL.*", ".*RC4.*", ".*MD5.*", ".*DES.*", ".*DSS.*");
 public static final String ATLAS_SSL_EXCLUDE_PROTOCOLS = "atlas.ssl.exclude.protocols";
+ public static final String ATLAS_SSL_ENABLED_PROTOCOLS = "atlas.ssl.enabled.protocols";
 public static final String[] DEFAULT_EXCLUDE_PROTOCOLS = new String[] {"TLSv1", "TLSv1.1"};
+ public static final String[] ATLAS_SSL_DEFAULT_PROTOCOL = new String[] { "TLSv1.2" };
 private SecurityProperties() {
 }
diff --git a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
index 2933f4f46..86e289f66 100755
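Review bot: `ATLAS_SSL_DEFAULT_PROTOCOL` lists only `TLSv1.2`, so a deployment that does not set `atlas.ssl.enabled.protocols` appears to be pinned to TLS 1.2 rather than gaining TLS 1.3, which is what the commit title promises; the constant is consumed as the include-protocols fallback in the SecureEmbeddedServer.java hunk. If TLS 1.3 is meant to work out of the box, the default would be `new String[] {"TLSv1.2", "TLSv1.3"}`, after confirming how the server's SSL context factory treats a protocol name the running JVM does not support. The constant is also a public mutable array, so any caller can alter the server's protocol default in place; a comment such as `// default include list when atlas.ssl.enabled.protocols is unset; do not modify` would at least record the intent. `ATLAS_SSL_ENABLED_ALGORITHMS` holds cipher-suite names, which a short comment should state, since the neighbouring exclude key is spelled `cipher.suites`.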
--- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -55,6 +55,9 @@ import java.util.List;
 import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_CIPHER_SUITES;
 import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_PROTOCOLS;
+import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_ENABLED_ALGORITHMS;
+import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_ENABLED_PROTOCOLS;
+import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_DEFAULT_PROTOCOL;
 import static org.apache.atlas.security.SecurityProperties.CLIENT_AUTH_KEY;
 import static org.apache.atlas.security.SecurityProperties.DEFATULT_TRUSTORE_FILE_LOCATION;
 import static org.apache.atlas.security.SecurityProperties.DEFAULT_CIPHER_SUITES;
@@ -117,6 +120,17 @@ public class SecureEmbeddedServer extends EmbeddedServer {
 sslContextFactory.addExcludeProtocols(excludedProtocols);
 }
+ List<Object> enabledCiphersList = config.getList(ATLAS_SSL_ENABLED_ALGORITHMS);
+ if (enabledCiphersList != null && !enabledCiphersList.isEmpty()) {
+ sslContextFactory.setIncludeCipherSuites(enabledCiphersList.toArray(new String[enabledCiphersList.size()]));
+ }
+ String[] enabledProtocols = config.containsKey(ATLAS_SSL_ENABLED_PROTOCOLS) ?
+ config.getStringArray(ATLAS_SSL_ENABLED_PROTOCOLS) : ATLAS_SSL_DEFAULT_PROTOCOL;
+
+ if (enabledProtocols != null && enabledProtocols.length > 0) {
+ sslContextFactory.setIncludeProtocols(enabledProtocols);
+ }
+
 // SSL HTTP Configuration
 // HTTP Configuration
 HttpConfiguration httpConfig = new HttpConfiguration();
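Review bot: In the `@@ -117,6 +120,17 @@` hunk, `enabledCiphersList.toArray(new String[enabledCiphersList.size()])` copies a `List<Object>` into a `String[]`, which throws `ArrayStoreException` at server start if the configuration layer ever returns a non-String element. The protocols branch just below already reads its value with `config.getStringArray(...)`, so `String[] enabledCiphers = config.getStringArray(ATLAS_SSL_ENABLED_ALGORITHMS);` followed by a length check would be consistent and avoid the unchecked copy. The include lists are set after the exclude lists, and as far as I know Jetty lets excludes take precedence, so a protocol or suite named in both is dropped without any message; a comment saying so, plus one log line with the effective protocols and cipher suites, would let operators verify the resulting TLS posture. The enclosing method starts and ends outside the hunk.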