You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by sm...@apache.org on 2021/05/03 22:42:28 UTC
[geode] branch support/1.12 updated: GEODE-9218: Remove TLSv1 and
TLSv1.1 from tests. (#6412)
This is an automated email from the ASF dual-hosted git repository.
smgoller pushed a commit to branch support/1.12
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/support/1.12 by this push:
new c5e5024 GEODE-9218: Remove TLSv1 and TLSv1.1 from tests. (#6412)
c5e5024 is described below
commit c5e5024d7b4c2cd9f9f45e148701011091626143
Author: Sean Goller <se...@goller.net>
AuthorDate: Fri Apr 30 15:38:42 2021 -0700
GEODE-9218: Remove TLSv1 and TLSv1.1 from tests. (#6412)
Recent versions of JDK11 and 8 have disabled TLSv1 and TLSv1.1 by default.
We shouldn't be using these protocols so we shouldn't be testing them anymore either.
(cherry picked from commit ee7b611b51b11693da92418c861d37ce57216298)
(cherry picked from commit fdf5662d82b402ea2a95521bd910fe5de0293ce9)
(cherry picked from commit ba67f4ed5b906ad99e47388b3d2c0b29c6d3751f)
---
.../web/controllers/RestAPIsWithSSLDUnitTest.java | 30 ----------------------
.../rest/internal/web/RestSecurityWithSSLTest.java | 2 +-
.../apache/geode/distributed/LocatorDUnitTest.java | 2 +-
.../apache/geode/management/JMXMBeanDUnitTest.java | 2 +-
.../net/SocketCreatorFactoryJUnitTest.java | 12 ++++-----
5 files changed, 9 insertions(+), 39 deletions(-)
diff --git a/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java b/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
index 68d28c7..bcc014f 100644
--- a/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
+++ b/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
@@ -328,22 +328,6 @@ public class RestAPIsWithSSLDUnitTest {
}
@Test
- public void testSSLWithTLSv11Protocol() throws Exception {
- Properties props = new Properties();
- props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath());
- props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath());
- props.setProperty(SSL_KEYSTORE_PASSWORD, "password");
- props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
- props.setProperty(SSL_KEYSTORE_TYPE, "JKS");
- props.setProperty(SSL_PROTOCOLS, "TLSv1.1");
- props.setProperty(SSL_CIPHERS, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant());
-
- startClusterWithSSL(props);
- validateConnection(props);
- }
-
- @Test
public void testSSLWithTLSv12Protocol() throws Exception {
Properties props = new Properties();
props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath());
@@ -509,20 +493,6 @@ public class RestAPIsWithSSLDUnitTest {
}
@Test
- public void testSSLWithTLSv11ProtocolLegacy() throws Exception {
- Properties props = new Properties();
- props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
- props.setProperty(HTTP_SERVICE_SSL_KEYSTORE,
- findTrustedJKSWithSingleEntry().getCanonicalPath());
- props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password");
- props.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1.1");
- props.setProperty(HTTP_SERVICE_SSL_CIPHERS, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
-
- startClusterWithSSL(props);
- validateConnection(props);
- }
-
- @Test
public void testSSLWithTLSv12ProtocolLegacy() throws Exception {
Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
diff --git a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java
index 32f83f5..49e4b9c 100644
--- a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java
+++ b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java
@@ -57,7 +57,7 @@ public class RestSecurityWithSSLTest {
.withProperty(SSL_KEYSTORE_PASSWORD, "password").withProperty(SSL_KEYSTORE_TYPE, "JKS")
.withProperty(SSL_TRUSTSTORE, KEYSTORE_FILE.getPath())
.withProperty(SSL_TRUSTSTORE_PASSWORD, "password")
- .withProperty(SSL_PROTOCOLS, "TLSv1.2,TLSv1.1").withAutoStart();
+ .withProperty(SSL_PROTOCOLS, "TLSv1.2").withAutoStart();
@Test
public void testRestSecurityWithSSL() {
diff --git a/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java b/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java
index 5dbe309..f877536 100644
--- a/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java
+++ b/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java
@@ -424,7 +424,7 @@ public class LocatorDUnitTest implements Serializable {
properties.setProperty(SSL_KEYSTORE, getSingleKeyKeystore());
properties.setProperty(SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
- properties.setProperty(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(SSL_TRUSTSTORE, getSingleKeyKeystore());
properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
diff --git a/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java b/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java
index 15918e0..2d692b8 100644
--- a/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java
+++ b/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java
@@ -125,7 +125,7 @@ public class JMXMBeanDUnitTest implements Serializable {
sslProperties.setProperty(SSL_TRUSTSTORE, singleKeystore);
sslProperties.setProperty(SSL_ENABLED_COMPONENTS,
SecurableCommunicationChannel.JMX.getConstant());
- sslProperties.setProperty(SSL_PROTOCOLS, "TLSv1.2,TLSv1.1");
+ sslProperties.setProperty(SSL_PROTOCOLS, "TLSv1.2");
sslPropertiesWithMultiKey = new Properties();
sslPropertiesWithMultiKey.putAll(Maps.fromProperties(sslProperties));
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java
index 07ff006..5325e14 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java
@@ -362,7 +362,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(SSL_REQUIRE_AUTHENTICATION, "true");
properties.setProperty(SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
@@ -392,7 +392,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(SERVER_SSL_ENABLED, "true");
properties.setProperty(SERVER_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(SERVER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(SERVER_SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(SERVER_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(SERVER_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(SERVER_SSL_KEYSTORE_TYPE, "JKS");
@@ -426,7 +426,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(CLUSTER_SSL_ENABLED, "true");
properties.setProperty(CLUSTER_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
@@ -460,7 +460,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(JMX_MANAGER_SSL_ENABLED, "true");
properties.setProperty(JMX_MANAGER_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(JMX_MANAGER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(JMX_MANAGER_SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS");
@@ -494,7 +494,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(GATEWAY_SSL_ENABLED, "true");
properties.setProperty(GATEWAY_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(GATEWAY_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(GATEWAY_SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(GATEWAY_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(GATEWAY_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(GATEWAY_SSL_KEYSTORE_TYPE, "JKS");
@@ -528,7 +528,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
properties.setProperty(HTTP_SERVICE_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE_TYPE, "JKS");