stoty pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/phoenix-queryserver.git
The following commit(s) were added to refs/heads/master by this push:
new f517490 PHOENIX-7665 Make TLS protocols and ciphersuites configurable
in PQS (#181)
f517490 is described below
commit f5174906d06cda222b4f43ec1010463ef5f158f2
Author: Istvan Toth <[email protected]>
AuthorDate: Mon Oct 27 13:49:12 2025 +0100
PHOENIX-7665 Make TLS protocols and ciphersuites configurable in PQS (#181)
---
.../apache/phoenix/queryserver/QueryServerProperties.java | 4 ++++
.../org/apache/phoenix/queryserver/server/QueryServer.java | 14 +++++++++++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java
index dda88cf..3b23e20 100644
---
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java
+++
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java
@@ -72,6 +72,10 @@ public class QueryServerProperties {
"phoenix.queryserver.tls.truststore";
public static final String QUERY_SERVER_TLS_TRUSTSTORE_PASSWORD =
"phoenix.queryserver.tls.truststore.password";
+ public static final String QUERY_SERVER_TLS_ENABLED_PROTCOLS =
+ "phoenix.queryserver.tls.protocols";
+ public static final String QUERY_SERVER_TLS_ENABLED_CIPHERSUITES =
+ "phoenix.queryserver.tls.ciphersuites";
public static final String QUERY_SERVER_JMX_JSON_ENDPOINT_DISABLED =
"phoenix.queryserver.jmxjsonendpoint.disabled";
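Review bot: The first added constant is spelled `QUERY_SERVER_TLS_ENABLED_PROTCOLS`, and because it is `public static final` the misspelling becomes part of the API that QueryServer.java already references in this commit. Renaming it to `QUERY_SERVER_TLS_ENABLED_PROTOCOLS` now is cheaper than deprecating it later. Neither new key documents the value format. A one-line comment on each, such as `// Comma-separated list of TLS protocol names, e.g. TLSv1.2,TLSv1.3`, would tell operators hardening the listener what to write.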
diff --git
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
index 8619da1..de5ef58 100644
---
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
+++
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
@@ -297,7 +297,19 @@ public final class QueryServer extends Configured
implements Tool, Runnable {
throw new Exception(String.format("if %s is enabled, %s must be
specfified" , QueryServerProperties.QUERY_SERVER_TLS_ENABLED,
QueryServerProperties.QUERY_SERVER_TLS_TRUSTSTORE));
}
final File tlsTruststoreFile = new File(tlsTruststore);
- builder.withTLS(tlsKeystoreFile, tlsKeystorePassword, tlsTruststoreFile,
tlsTruststorePassword, keystoreType);
+
+ final String tlsEnabledProtocolsString =
getConf().get(QueryServerProperties.QUERY_SERVER_TLS_ENABLED_PROTCOLS);
+ String[] tlsEnabledProtocols = null;
+ if (tlsEnabledProtocolsString != null) {
+ tlsEnabledProtocols = tlsEnabledProtocolsString.trim().split(",");
+ }
+ final String tlsEnabledChiphersuitesString =
getConf().get(QueryServerProperties.QUERY_SERVER_TLS_ENABLED_CIPHERSUITES);
+ String[] tlsEnabledChiphersuites = null;
+ if (tlsEnabledChiphersuitesString != null) {
+ tlsEnabledChiphersuites =
tlsEnabledChiphersuitesString.trim().split(",");
+ }
+
+ builder.withTLS(tlsKeystoreFile, tlsKeystorePassword, tlsTruststoreFile,
tlsTruststorePassword, keystoreType, tlsEnabledProtocols,
tlsEnabledChiphersuites);
}
}
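Review bot: The protocol and ciphersuite lists are split with `trim().split(",")`, which trims only the ends of the whole string, so a value written as `TLSv1.2, TLSv1.3` yields a second element with a leading space. An empty property value yields a one-element array holding `""` rather than leaving the array `null`. How `builder.withTLS` treats unrecognised names is not visible here, but either outcome (startup failure or a silently different protocol/cipher set than the operator intended) is worth avoiding for a hardening option. Consider guarding with `if (s != null && !s.trim().isEmpty())` and splitting with `s.trim().split("\\s*,\\s*")` for both the protocols block and the ciphersuites block. The enclosing method begins outside this hunk.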