This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/master by this push:
new d9fda7d QPID-8353: [Broker-J] Add TLSv1.3 into TLS protocol
preferences
d9fda7d is described below
commit d9fda7d8258b63748bfd3a324411a8b1523207b5
Author: Tomas Vavricka <[email protected]>
AuthorDate: Fri Sep 20 11:53:46 2019 +0200
QPID-8353: [Broker-J] Add TLSv1.3 into TLS protocol preferences
This closes #38
---
.../qpid/server/transport/network/security/ssl/SSLUtil.java | 6 +-----
.../server/transport/network/security/ssl/SSLUtilTest.java | 10 +++++-----
2 files changed, 6 insertions(+), 10 deletions(-)
diff --git
a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index 0ffab92..01c11d3 100644
---
a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++
b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -43,7 +43,6 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
-import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
@@ -89,10 +88,7 @@ public class SSLUtil
private static final Logger LOGGER =
LoggerFactory.getLogger(SSLUtil.class);
private static final Integer DNS_NAME_TYPE = 2;
- private static final String[] TLS_PROTOCOL_PREFERENCES = new
String[]{"TLSv1.2", "TLSv1.1", "TLS", "TLSv1"};
-
-
- private static final SecureRandom RANDOM = new SecureRandom();
+ private static final String[] TLS_PROTOCOL_PREFERENCES = new
String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLS", "TLSv1"};
private static final Constructor<?> CONSTRUCTOR;
diff --git
a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
index 7498b6a..81d928a 100644
---
a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
+++
b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
@@ -72,9 +72,9 @@ public class SSLUtilTest extends UnitTestBase
{
List<String> whiteList = Arrays.asList("TLSv1\\.[0-9]+");
List<String> blackList = Collections.emptyList();
- String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2"};
- String[] expected = {"TLSv1.1", "TLSv1.2"};
- String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2"};
+ String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
+ String[] expected = {"TLSv1.1", "TLSv1.2", "TLSv1.3"};
+ String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2",
"TLSv1.3"};
String[] result = SSLUtil.filterEntries(enabled, supported, whiteList,
blackList);
assertTrue("unexpected filtered list: expected " +
Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
@@ -85,9 +85,9 @@ public class SSLUtilTest extends UnitTestBase
{
List<String> whiteList = Arrays.asList();
List<String> blackList = Arrays.asList("TLSv1\\.[0-9]+");
- String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2"};
+ String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] expected = {"TLS"};
- String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2"};
+ String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2",
"TLSv1.3"};
String[] result = SSLUtil.filterEntries(enabled, supported, whiteList,
blackList);
assertTrue("unexpected filtered list: expected " +
Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
