You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by sm...@apache.org on 2021/05/03 22:40:54 UTC
[geode] branch support/1.13 updated: GEODE-9218: Remove TLSv1 and
TLSv1.1 from tests. (#6412)
This is an automated email from the ASF dual-hosted git repository.
smgoller pushed a commit to branch support/1.13
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/support/1.13 by this push:
new ba67f4e GEODE-9218: Remove TLSv1 and TLSv1.1 from tests. (#6412)
ba67f4e is described below
commit ba67f4ed5b906ad99e47388b3d2c0b29c6d3751f
Author: Sean Goller <se...@goller.net>
AuthorDate: Fri Apr 30 15:38:42 2021 -0700
GEODE-9218: Remove TLSv1 and TLSv1.1 from tests. (#6412)
Recent versions of JDK11 and 8 have disabled TLSv1 and TLSv1.1 by default.
We shouldn't be using these protocols so we shouldn't be testing them anymore either.
(cherry picked from commit ee7b611b51b11693da92418c861d37ce57216298)
(cherry picked from commit fdf5662d82b402ea2a95521bd910fe5de0293ce9)
---
.../web/controllers/RestAPIsWithSSLDUnitTest.java | 31 ----------------------
.../rest/internal/web/RestSecurityWithSSLTest.java | 2 +-
.../apache/geode/distributed/LocatorDUnitTest.java | 2 +-
.../apache/geode/management/JMXMBeanDUnitTest.java | 2 +-
.../net/SocketCreatorFactoryJUnitTest.java | 12 ++++-----
5 files changed, 9 insertions(+), 40 deletions(-)
diff --git a/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java b/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
index 7172cf4..3286e54 100644
--- a/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
+++ b/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
@@ -340,22 +340,6 @@ public class RestAPIsWithSSLDUnitTest {
}
@Test
- public void testSSLWithTLSv11Protocol() throws Exception {
- Properties props = new Properties();
- props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath());
- props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath());
- props.setProperty(SSL_KEYSTORE_PASSWORD, "password");
- props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
- props.setProperty(SSL_KEYSTORE_TYPE, "JKS");
- props.setProperty(SSL_PROTOCOLS, "TLSv1.1");
- props.setProperty(SSL_CIPHERS, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant());
-
- startClusterWithSSL(props);
- validateConnection(props);
- }
-
- @Test
public void testSSLWithTLSv12Protocol() throws Exception {
Properties props = new Properties();
props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath());
@@ -527,21 +511,6 @@ public class RestAPIsWithSSLDUnitTest {
@SuppressWarnings("deprecation")
@Test
- public void testSSLWithTLSv11ProtocolLegacy() throws Exception {
- Properties props = new Properties();
- props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
- props.setProperty(HTTP_SERVICE_SSL_KEYSTORE,
- findTrustedJKSWithSingleEntry().getCanonicalPath());
- props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password");
- props.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1.1");
- props.setProperty(HTTP_SERVICE_SSL_CIPHERS, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
-
- startClusterWithSSL(props);
- validateConnection(props);
- }
-
- @SuppressWarnings("deprecation")
- @Test
public void testSSLWithTLSv12ProtocolLegacy() throws Exception {
Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
diff --git a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java
index 32f83f5..49e4b9c 100644
--- a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java
+++ b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java
@@ -57,7 +57,7 @@ public class RestSecurityWithSSLTest {
.withProperty(SSL_KEYSTORE_PASSWORD, "password").withProperty(SSL_KEYSTORE_TYPE, "JKS")
.withProperty(SSL_TRUSTSTORE, KEYSTORE_FILE.getPath())
.withProperty(SSL_TRUSTSTORE_PASSWORD, "password")
- .withProperty(SSL_PROTOCOLS, "TLSv1.2,TLSv1.1").withAutoStart();
+ .withProperty(SSL_PROTOCOLS, "TLSv1.2").withAutoStart();
@Test
public void testRestSecurityWithSSL() {
diff --git a/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java b/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java
index 1eb343e..d3c1733 100644
--- a/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java
+++ b/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java
@@ -426,7 +426,7 @@ public class LocatorDUnitTest implements Serializable {
properties.setProperty(SSL_KEYSTORE, getSingleKeyKeystore());
properties.setProperty(SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
- properties.setProperty(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(SSL_TRUSTSTORE, getSingleKeyKeystore());
properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
diff --git a/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java b/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java
index 15918e0..2d692b8 100644
--- a/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java
+++ b/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java
@@ -125,7 +125,7 @@ public class JMXMBeanDUnitTest implements Serializable {
sslProperties.setProperty(SSL_TRUSTSTORE, singleKeystore);
sslProperties.setProperty(SSL_ENABLED_COMPONENTS,
SecurableCommunicationChannel.JMX.getConstant());
- sslProperties.setProperty(SSL_PROTOCOLS, "TLSv1.2,TLSv1.1");
+ sslProperties.setProperty(SSL_PROTOCOLS, "TLSv1.2");
sslPropertiesWithMultiKey = new Properties();
sslPropertiesWithMultiKey.putAll(Maps.fromProperties(sslProperties));
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java
index c6503e9..2fc2c07 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java
@@ -369,7 +369,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(SSL_REQUIRE_AUTHENTICATION, "true");
properties.setProperty(SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
@@ -399,7 +399,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(SERVER_SSL_ENABLED, "true");
properties.setProperty(SERVER_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(SERVER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(SERVER_SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(SERVER_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(SERVER_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(SERVER_SSL_KEYSTORE_TYPE, "JKS");
@@ -433,7 +433,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(CLUSTER_SSL_ENABLED, "true");
properties.setProperty(CLUSTER_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
@@ -467,7 +467,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(JMX_MANAGER_SSL_ENABLED, "true");
properties.setProperty(JMX_MANAGER_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(JMX_MANAGER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(JMX_MANAGER_SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS");
@@ -501,7 +501,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(GATEWAY_SSL_ENABLED, "true");
properties.setProperty(GATEWAY_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(GATEWAY_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(GATEWAY_SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(GATEWAY_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(GATEWAY_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(GATEWAY_SSL_KEYSTORE_TYPE, "JKS");
@@ -535,7 +535,7 @@ public class SocketCreatorFactoryJUnitTest {
properties.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
properties.setProperty(HTTP_SERVICE_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- properties.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
+ properties.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1.2");
properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE_TYPE, "JKS");