(ignite) branch master updated: IGNITE-21629 Add o.a.i.client.SslProtocol#TLSv1_3 (#11335)

[ptupitsyn]

This is an automated email from the ASF dual-hosted git repository.

ptupitsyn pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git


The following commit(s) were added to refs/heads/master by this push:
     new 9d9446d2ee9 IGNITE-21629 Add o.a.i.client.SslProtocol#TLSv1_3 (#11335)
9d9446d2ee9 is described below

commit 9d9446d2ee956bcda35bcd51d7a10c8bb827b797
Author: Pavel Tupitsyn <ptupit...@apache.org>
AuthorDate: Thu May 2 12:41:26 2024 +0300

    IGNITE-21629 Add o.a.i.client.SslProtocol#TLSv1_3 (#11335)
---
 .../java/org/apache/ignite/client/SslProtocol.java  |  5 ++++-
 .../ignite/internal/client/thin/ClientSslUtils.java |  3 +++
 .../java/org/apache/ignite/client/SecurityTest.java | 21 ++++++++++++++++++++-
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git 
a/modules/core/src/main/java/org/apache/ignite/client/SslProtocol.java 
b/modules/core/src/main/java/org/apache/ignite/client/SslProtocol.java
index 159e4c28a6e..bee5ad89e41 100644
--- a/modules/core/src/main/java/org/apache/ignite/client/SslProtocol.java
+++ b/modules/core/src/main/java/org/apache/ignite/client/SslProtocol.java
@@ -32,5 +32,8 @@ public enum SslProtocol {
     TLSv1_1,
 
     /** Supports RFC 5246: TLS version 1.2 ; may support other versions. */
-    TLSv1_2
+    TLSv1_2,
+
+    /** Supports RFC 8446: TLS version 1.3 ; may support other versions. */
+    TLSv1_3
 }
diff --git 
a/modules/core/src/main/java/org/apache/ignite/internal/client/thin/ClientSslUtils.java
 
b/modules/core/src/main/java/org/apache/ignite/internal/client/thin/ClientSslUtils.java
index eb9cd60309e..4264aa1c3a3 100644
--- 
a/modules/core/src/main/java/org/apache/ignite/internal/client/thin/ClientSslUtils.java
+++ 
b/modules/core/src/main/java/org/apache/ignite/internal/client/thin/ClientSslUtils.java
@@ -170,6 +170,9 @@ public class ClientSslUtils {
             case TLSv1_2:
                 return "TLSv1.2";
 
+            case TLSv1_3:
+                return "TLSv1.3";
+
             default:
                 return proto.toString();
         }
diff --git 
a/modules/indexing/src/test/java/org/apache/ignite/client/SecurityTest.java 
b/modules/indexing/src/test/java/org/apache/ignite/client/SecurityTest.java
index 0fe4442890d..abcf1b9f455 100644
--- a/modules/indexing/src/test/java/org/apache/ignite/client/SecurityTest.java
+++ b/modules/indexing/src/test/java/org/apache/ignite/client/SecurityTest.java
@@ -68,6 +68,25 @@ public class SecurityTest {
     /** Test SSL/TLS encryption. */
     @Test
     public void testEncryption() throws Exception {
+        // Do not test old protocols.
+        SslProtocol[] protocols = new SslProtocol[] {
+            SslProtocol.TLS,
+            SslProtocol.TLSv1_2,
+            SslProtocol.TLSv1_3
+        };
+
+        for (SslProtocol protocol : protocols) {
+            try {
+                testEncryption(protocol);
+            }
+            catch (Throwable t) {
+                throw new Exception("Failed for protocol: " + protocol, t);
+            }
+        }
+    }
+
+    /** Test SSL/TLS encryption. */
+    private void testEncryption(SslProtocol protocol) {
         // Server-side security configuration
         IgniteConfiguration srvCfg = Config.getServerConfiguration();
 
@@ -123,7 +142,7 @@ public class SecurityTest {
                 .setSslTrustCertificateKeyStorePassword("123456")
                 .setSslKeyAlgorithm(DFLT_KEY_ALGORITHM)
                 .setSslTrustAll(false)
-                .setSslProtocol(SslProtocol.TLS)
+                .setSslProtocol(protocol)
             )) {
                 client.<Integer, 
String>cache(Config.DEFAULT_CACHE_NAME).put(1, "1");
             }