[GitHub] [beam] lukecwik commented on a diff in pull request #24619: Add static override for JDK TLS disabled/legacy algorithms in Java container

Wed, 04 Jan 2023 15:10:48 -0800 


lukecwik commented on code in PR #24619:
URL: https://github.com/apache/beam/pull/24619#discussion_r1061960026


##########
sdks/java/core/src/test/java/org/apache/beam/sdk/SdkHarnessEnvironmentTest.java:
##########
@@ -77,22 +75,24 @@ public void testJammAgentAvailable() throws Exception {
   /** {@link DoFn} used to validate that TLS was enabled as part of java 
security properties. */
   private static class TLSDoFn extends DoFn<String, String> {
     @ProcessElement
-    public void processElement(ProcessContext c) {
+    public void processElement(ProcessContext c) throws Exception {
       String[] disabledAlgorithms =
           
Security.getProperty("jdk.tls.disabledAlgorithms").trim().split("\\s*,\\s*");
+      String[] legacyAlgorithms =
+          
Security.getProperty("jdk.tls.legacyAlgorithms").trim().split("\\s*,\\s*");
       assertThat(disabledAlgorithms, not(hasItemInArray("TLSv1")));
       assertThat(disabledAlgorithms, not(hasItemInArray("TLSv1.1")));
+      assertThat(legacyAlgorithms, hasItemInArray("TLSv1"));
+      assertThat(legacyAlgorithms, hasItemInArray("TLSv1.1"));
 
-      SSLContext context = null;
-      String[] defaultProtocols = null;
-      try {
-        context = SSLContext.getInstance("TLS");
-        context.init(null, null, null);
-        defaultProtocols = context.getDefaultSSLParameters().getProtocols();
-      } catch (NoSuchAlgorithmException | KeyManagementException e) {
-        return;
-      }
+      // getSupportedSSLParameters() shows all protocols that JSSE implements 
thare aren't
+      // statically prohibited by the policy file
+      // use getDefaultSSLParameters() to see what is enabled by default -- 
and is used in your
+      // socket, since it doesn't override the context's default

Review Comment:
   I'm confused by this comment, did you mean something like:
   ```suggestion
         // getDefaultSSLParameters() shows all protocols that JSSE implements 
that are allowed.
         // getSupportedSSLParameters() shows all protocols that JSSE 
implements including those that are disabled.
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to