Update TLS ciphers and protocols for JDK 11 #41385

Merged
merged 27 commits into from
May 2, 2019
7f13fd8
Update TLS ciphers and protocols for JDK 11
jaymode Apr 19, 2019
8e88ca4
Merge branch 'master' into jdk11_tls
jaymode Apr 22, 2019
25f812a
aria and camellia are defined but not actually implemented in the JDK
jaymode Apr 22, 2019
4d1967e
fix docs
jaymode Apr 22, 2019
5339d47
ensure we trust the testnode_ec cert
jaymode Apr 23, 2019
5c253e4
Merge branch 'master' into jdk11_tls
jaymode Apr 23, 2019
d418c39
Merge branch 'master' into jdk11_tls
jaymode Apr 23, 2019
5479d11
Merge branch 'master' into jdk11_tls
jaymode Apr 24, 2019
52edf57
fix nio transport issue and pin renegotiation test to TLSv1.2
jaymode Apr 24, 2019
c6f5eb7
Merge branch 'master' into jdk11_tls
jaymode Apr 25, 2019
079cd3a
update in ssl lib and reorder
jaymode Apr 25, 2019
eb6c860
Merge branch 'master' into jdk11_tls
jaymode Apr 25, 2019
ef81541
Merge branch 'master' into jdk11_tls
jaymode Apr 26, 2019
8bad4fd
update test certs
jaymode Apr 26, 2019
e59a1b8
Merge branch 'master' into jdk11_tls
jaymode Apr 29, 2019
844e597
remove unnecessary log statement
jaymode Apr 29, 2019
ad12647
busted trust restrictions tests
jaymode Apr 29, 2019
31afd19
fixed mistake
jaymode Apr 29, 2019
9e4672d
unused import
jaymode Apr 30, 2019
d8cec06
Merge branch 'master' into jdk11_tls
jaymode Apr 30, 2019
d13407a
debugging leftover
jaymode Apr 30, 2019
1082da2
test fix
jaymode Apr 30, 2019
b6bb085
some test fixes
jaymode Apr 30, 2019
fc57894
pin reindex client tests to tlsv1.2 since mockwebserver has issues wi…
jaymode Apr 30, 2019
16fa1c2
Merge branch 'master' into jdk11_tls
jaymode May 1, 2019
36c54d1
Merge branch 'master' into jdk11_tls
jaymode May 1, 2019
8ffd609
Merge branch 'master' into jdk11_tls
jaymode May 2, 2019
Expand Up @@ -126,7 +126,7 @@ public Settings nodeSettings(int nodeOrdinal) {

Settings.Builder builder = Settings.builder()
.put(XPackSettings.SECURITY_ENABLED.getKey(), true)
.put(NetworkModule.TRANSPORT_TYPE_KEY, randomBoolean() ? SecurityField.NAME4 : SecurityField.NIO)
.put(NetworkModule.TRANSPORT_TYPE_KEY, SecurityField.NIO)//randomBoolean() ? SecurityField.NAME4 : SecurityField.NIO)
Contributor

I assume this is left over debugging?

Member Author

Thanks for pointing it out. It was leftover from debugging and getting help from @tbrooks8

.put(NetworkModule.HTTP_TYPE_KEY, randomBoolean() ? SecurityField.NAME4 : SecurityField.NIO)
//TODO: for now isolate security tests from watcher & monitoring (randomize this later)
.put(XPackSettings.WATCHER_ENABLED.getKey(), false)
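Review bot: The replacement line for NetworkModule.TRANSPORT_TYPE_KEY hard-codes SecurityField.NIO and keeps the old randomBoolean() expression as a trailing comment, so nodes built from these settings no longer exercise the NAME4 transport while HTTP_TYPE_KEY on the next line is still randomized. Restore the randomized form, or if pinning to NIO is intended, delete the commented-out code and add a comment giving the reason.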
Expand Up @@ -179,6 +179,7 @@ public void testCertificateWithUntrustedNameFails() throws Exception {
tryConnect(untrustedCert);
fail("handshake should have failed, but was successful");
} catch (SSLException | SocketException ex) {
logger.info("caught expected exception", ex);
// expected
}
}
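Review bot: The added logger.info("caught expected exception", ex) in the catch block writes a full stack trace at info level for a failure the test expects, which makes a passing run look like an error in the test log. Log it at debug or trace, or drop the log and assert on the exception instead, for example that it is the handshake failure rather than an unrelated SocketException.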
Expand Down Expand Up @@ -237,6 +238,9 @@ private void tryConnect(CertificateInfo certificate) throws Exception {
TransportAddress address = internalCluster().getInstance(Transport.class, node).boundAddress().publishAddress();
try (SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(address.getAddress(), address.getPort())) {
assertThat(socket.isConnected(), is(true));
// Need to not use client mode for TLSv1.3; otherwise the handshake completes prior to the trust restrictions
// causing the server to close the connection
socket.setUseClientMode(false);
// The test simply relies on this (synchronously) connecting (or not), so we don't need a handshake handler
socket.startHandshake();
}
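Review bot: socket.setUseClientMode(false) in tryConnect puts the connecting socket into the TLS server role, yet it was created by sslSocketFactory.createSocket against the node's published transport address, so it is worth confirming that startHandshake() still performs a real handshake in which the node evaluates the presented certificate. testCertificateWithUntrustedNameFails treats any SSLException or SocketException as success, so a handshake that fails for an unrelated reason would also pass. If the goal is to surface the server's rejection under TLSv1.3, keeping client mode and reading from the socket after startHandshake() would do that more directly, and the comment should say which side closes the connection and when.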