[ranger] branch master updated: RANGER-4110: upgraded TLS version to 1.2

madhan Sat, 04 Mar 2023 20:22:32 -0800

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git



The following commit(s) were added to refs/heads/master by this push:
     new 2124ed60d RANGER-4110: upgraded TLS version to 1.2
2124ed60d is described below

commit 2124ed60d572ab2663f1bcea4807902e21ffe5b2
Author: Ramachandran Krishnan <[email protected]>
AuthorDate: Fri Feb 24 11:57:19 2023 +0530

    RANGER-4110: upgraded TLS version to 1.2
    
    Signed-off-by: Madhan Neethiraj <[email protected]>
---
 .../main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java   | 2 +-
 .../src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java  | 2 +-
 .../src/main/java/org/apache/ranger/plugin/util/RangerSslHelper.java   | 2 +-
 .../services/nifi/registry/client/NiFiRegistryConnectionMgr.java       | 3 ++-
 .../schema/registry/client/connection/DefaultSchemaRegistryClient.java | 2 +-
 .../apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java  | 2 +-
 6 files changed, 7 insertions(+), 6 deletions(-)

diff --git 
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
 
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
index af09ca7b0..8511ce9cb 100644
--- 
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
+++ 
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
@@ -52,7 +52,7 @@ public abstract class BaseAuditHandler implements 
AuditHandler {
 
        public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE              
                         = KeyManagerFactory.getDefaultAlgorithm();
        public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE            
                 = TrustManagerFactory.getDefaultAlgorithm();
-       public static final String RANGER_SSL_CONTEXT_ALGO_TYPE                 
                     = "TLS";
+       public static final String RANGER_SSL_CONTEXT_ALGO_TYPE                 
                     = "TLSv1.2";
 
        public static final String PROP_CONFIG = "config";
 
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
index 49e1281b7..e54313403 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
@@ -86,7 +86,7 @@ public class RangerRESTClient {
 
        public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE              
                         = KeyManagerFactory.getDefaultAlgorithm();
        public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE            
                 = TrustManagerFactory.getDefaultAlgorithm();
-       public static final String RANGER_SSL_CONTEXT_ALGO_TYPE                 
                     = "TLS";
+       public static final String RANGER_SSL_CONTEXT_ALGO_TYPE                 
                     = "TLSv1.2";
 
        private String  mUrl;
        private String  mSslConfigFileName;
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSslHelper.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSslHelper.java
index 88c959c2a..8d803e32f 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSslHelper.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSslHelper.java
@@ -62,7 +62,7 @@ public class RangerSslHelper {
 
        static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE                   = 
KeyManagerFactory.getDefaultAlgorithm();
        static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE                 = 
TrustManagerFactory.getDefaultAlgorithm();
-       static final String RANGER_SSL_CONTEXT_ALGO_TYPE                      = 
"TLS";
+       static final String RANGER_SSL_CONTEXT_ALGO_TYPE                      = 
"TLSv1.2";
 
        private String mKeyStoreURL;
        private String mKeyStoreAlias;
diff --git 
a/plugin-nifi-registry/src/main/java/org/apache/ranger/services/nifi/registry/client/NiFiRegistryConnectionMgr.java
 
b/plugin-nifi-registry/src/main/java/org/apache/ranger/services/nifi/registry/client/NiFiRegistryConnectionMgr.java
index 99eeced86..938504245 100644
--- 
a/plugin-nifi-registry/src/main/java/org/apache/ranger/services/nifi/registry/client/NiFiRegistryConnectionMgr.java
+++ 
b/plugin-nifi-registry/src/main/java/org/apache/ranger/services/nifi/registry/client/NiFiRegistryConnectionMgr.java
@@ -48,6 +48,7 @@ import java.util.Map;
 public class NiFiRegistryConnectionMgr {
 
     private static final Logger LOG = 
LoggerFactory.getLogger(NiFiRegistryConnectionMgr.class);
+    private static final String SSL_ALGORITHM = "TLSv1.2";
 
     private static final String API_RESOURCES_PATH = 
"/nifi-registry-api/policies/resources";
     static final String INVALID_URL_MSG =  "NiFi Registry URL must be a valid 
URL of the form " +
@@ -112,7 +113,7 @@ public class NiFiRegistryConnectionMgr {
                         truststore.trim(),
                         truststorePassword.trim().toCharArray(),
                         truststoreType.trim(),
-                        "TLS");
+                        SSL_ALGORITHM);
             }
         }
 
diff --git 
a/plugin-schema-registry/src/main/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClient.java
 
b/plugin-schema-registry/src/main/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClient.java
index 8da7409d1..dbd0d5a96 100644
--- 
a/plugin-schema-registry/src/main/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClient.java
+++ 
b/plugin-schema-registry/src/main/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClient.java
@@ -55,7 +55,7 @@ public class DefaultSchemaRegistryClient implements 
ISchemaRegistryClient {
     private static final String SCHEMA_REGISTRY_PATH = 
"/api/v1/schemaregistry";
     private static final String SCHEMAS_PATH = SCHEMA_REGISTRY_PATH + 
"/schemas/";
     private static final String SCHEMA_REGISTRY_VERSION_PATH = 
SCHEMA_REGISTRY_PATH + "/version";
-    private static final String SSL_ALGORITHM = "TLS";
+    private static final String SSL_ALGORITHM = "TLSv1.2";
     private final javax.ws.rs.client.Client client;
     private final Login login;
     private final UrlSelector urlSelector;
diff --git 
a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
 
b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
index 204398f7e..cce8a31a6 100644
--- 
a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
+++ 
b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
@@ -66,7 +66,7 @@ public class RemoteUnixLoginModule implements LoginModule {
        
        private static final String JAAS_ENABLED_PARAM = 
"ranger.unixauth.remote.login.enabled";
 
-       private static final String SSL_ALGORITHM = "TLS";
+       private static final String SSL_ALGORITHM = "TLSv1.2";
 
        private String userName;
        private char[] password;

[ranger] branch master updated: RANGER-4110: upgraded TLS version to 1.2

Reply via email to