You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2023/03/05 04:23:06 UTC
[ranger] branch ranger-2.4 updated: RANGER-4110: upgraded TLS version to 1.2
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new b872c967b RANGER-4110: upgraded TLS version to 1.2
b872c967b is described below
commit b872c967bdb1885760c0403841d29c614952c259
Author: Ramachandran Krishnan <ra...@gmail.com>
AuthorDate: Fri Feb 24 11:57:19 2023 +0530
RANGER-4110: upgraded TLS version to 1.2
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
(cherry picked from commit 2124ed60d572ab2663f1bcea4807902e21ffe5b2)
---
.../main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java | 2 +-
.../src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java | 2 +-
.../src/main/java/org/apache/ranger/plugin/util/RangerSslHelper.java | 2 +-
.../services/nifi/registry/client/NiFiRegistryConnectionMgr.java | 3 ++-
.../schema/registry/client/connection/DefaultSchemaRegistryClient.java | 2 +-
.../apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java | 2 +-
6 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
index edeacb727..1976d9a82 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
@@ -52,7 +52,7 @@ public abstract class BaseAuditHandler implements AuditHandler {
public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = KeyManagerFactory.getDefaultAlgorithm();
public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm();
- public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLS";
+ public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLSv1.2";
public static final String PROP_CONFIG = "config";
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
index 49e1281b7..e54313403 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
@@ -86,7 +86,7 @@ public class RangerRESTClient {
public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = KeyManagerFactory.getDefaultAlgorithm();
public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm();
- public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLS";
+ public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLSv1.2";
private String mUrl;
private String mSslConfigFileName;
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSslHelper.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSslHelper.java
index 88c959c2a..8d803e32f 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSslHelper.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSslHelper.java
@@ -62,7 +62,7 @@ public class RangerSslHelper {
static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = KeyManagerFactory.getDefaultAlgorithm();
static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm();
- static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLS";
+ static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLSv1.2";
private String mKeyStoreURL;
private String mKeyStoreAlias;
diff --git a/plugin-nifi-registry/src/main/java/org/apache/ranger/services/nifi/registry/client/NiFiRegistryConnectionMgr.java b/plugin-nifi-registry/src/main/java/org/apache/ranger/services/nifi/registry/client/NiFiRegistryConnectionMgr.java
index 99eeced86..938504245 100644
--- a/plugin-nifi-registry/src/main/java/org/apache/ranger/services/nifi/registry/client/NiFiRegistryConnectionMgr.java
+++ b/plugin-nifi-registry/src/main/java/org/apache/ranger/services/nifi/registry/client/NiFiRegistryConnectionMgr.java
@@ -48,6 +48,7 @@ import java.util.Map;
public class NiFiRegistryConnectionMgr {
private static final Logger LOG = LoggerFactory.getLogger(NiFiRegistryConnectionMgr.class);
+ private static final String SSL_ALGORITHM = "TLSv1.2";
private static final String API_RESOURCES_PATH = "/nifi-registry-api/policies/resources";
static final String INVALID_URL_MSG = "NiFi Registry URL must be a valid URL of the form " +
@@ -112,7 +113,7 @@ public class NiFiRegistryConnectionMgr {
truststore.trim(),
truststorePassword.trim().toCharArray(),
truststoreType.trim(),
- "TLS");
+ SSL_ALGORITHM);
}
}
diff --git a/plugin-schema-registry/src/main/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClient.java b/plugin-schema-registry/src/main/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClient.java
index 8da7409d1..dbd0d5a96 100644
--- a/plugin-schema-registry/src/main/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClient.java
+++ b/plugin-schema-registry/src/main/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClient.java
@@ -55,7 +55,7 @@ public class DefaultSchemaRegistryClient implements ISchemaRegistryClient {
private static final String SCHEMA_REGISTRY_PATH = "/api/v1/schemaregistry";
private static final String SCHEMAS_PATH = SCHEMA_REGISTRY_PATH + "/schemas/";
private static final String SCHEMA_REGISTRY_VERSION_PATH = SCHEMA_REGISTRY_PATH + "/version";
- private static final String SSL_ALGORITHM = "TLS";
+ private static final String SSL_ALGORITHM = "TLSv1.2";
private final javax.ws.rs.client.Client client;
private final Login login;
private final UrlSelector urlSelector;
diff --git a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
index 204398f7e..cce8a31a6 100644
--- a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
+++ b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
@@ -66,7 +66,7 @@ public class RemoteUnixLoginModule implements LoginModule {
private static final String JAAS_ENABLED_PARAM = "ranger.unixauth.remote.login.enabled";
- private static final String SSL_ALGORITHM = "TLS";
+ private static final String SSL_ALGORITHM = "TLSv1.2";
private String userName;
private char[] password;