This is an automated email from the ASF dual-hosted git repository. smgoller pushed a commit to branch support/1.13 in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/support/1.13 by this push: new ba67f4e GEODE-9218: Remove TLSv1 and TLSv1.1 from tests. (#6412) ba67f4e is described below commit ba67f4ed5b906ad99e47388b3d2c0b29c6d3751f Author: Sean Goller <s...@goller.net> AuthorDate: Fri Apr 30 15:38:42 2021 -0700 GEODE-9218: Remove TLSv1 and TLSv1.1 from tests. (#6412) Recent versions of JDK11 and 8 have disabled TLSv1 and TLSv1.1 by default. We shouldn't be using these protocols so we shouldn't be testing them anymore either. (cherry picked from commit ee7b611b51b11693da92418c861d37ce57216298) (cherry picked from commit fdf5662d82b402ea2a95521bd910fe5de0293ce9) --- .../web/controllers/RestAPIsWithSSLDUnitTest.java | 31 ---------------------- .../rest/internal/web/RestSecurityWithSSLTest.java | 2 +- .../apache/geode/distributed/LocatorDUnitTest.java | 2 +- .../apache/geode/management/JMXMBeanDUnitTest.java | 2 +- .../net/SocketCreatorFactoryJUnitTest.java | 12 ++++----- 5 files changed, 9 insertions(+), 40 deletions(-) diff --git a/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java b/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java index 7172cf4..3286e54 100644 --- a/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java +++ b/geode-assembly/src/distributedTest/java/org/apache/geode/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java @@ -340,22 +340,6 @@ public class RestAPIsWithSSLDUnitTest { } @Test - public void testSSLWithTLSv11Protocol() throws Exception { - Properties props = new Properties(); - props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); - props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); - props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); - props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); - props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); - props.setProperty(SSL_PROTOCOLS, "TLSv1.1"); - props.setProperty(SSL_CIPHERS, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); - props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); - - startClusterWithSSL(props); - validateConnection(props); - } - - @Test public void testSSLWithTLSv12Protocol() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); @@ -527,21 +511,6 @@ public class RestAPIsWithSSLDUnitTest { @SuppressWarnings("deprecation") @Test - public void testSSLWithTLSv11ProtocolLegacy() throws Exception { - Properties props = new Properties(); - props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); - props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, - findTrustedJKSWithSingleEntry().getCanonicalPath()); - props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); - props.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1.1"); - props.setProperty(HTTP_SERVICE_SSL_CIPHERS, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); - - startClusterWithSSL(props); - validateConnection(props); - } - - @SuppressWarnings("deprecation") - @Test public void testSSLWithTLSv12ProtocolLegacy() throws Exception { Properties props = new Properties(); props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); diff --git a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java index 32f83f5..49e4b9c 100644 --- a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java +++ b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityWithSSLTest.java @@ -57,7 +57,7 @@ public class RestSecurityWithSSLTest { .withProperty(SSL_KEYSTORE_PASSWORD, "password").withProperty(SSL_KEYSTORE_TYPE, "JKS") .withProperty(SSL_TRUSTSTORE, KEYSTORE_FILE.getPath()) .withProperty(SSL_TRUSTSTORE_PASSWORD, "password") - .withProperty(SSL_PROTOCOLS, "TLSv1.2,TLSv1.1").withAutoStart(); + .withProperty(SSL_PROTOCOLS, "TLSv1.2").withAutoStart(); @Test public void testRestSecurityWithSSL() { diff --git a/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java b/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java index 1eb343e..d3c1733 100644 --- a/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java +++ b/geode-core/src/distributedTest/java/org/apache/geode/distributed/LocatorDUnitTest.java @@ -426,7 +426,7 @@ public class LocatorDUnitTest implements Serializable { properties.setProperty(SSL_KEYSTORE, getSingleKeyKeystore()); properties.setProperty(SSL_KEYSTORE_PASSWORD, "password"); properties.setProperty(SSL_KEYSTORE_TYPE, "JKS"); - properties.setProperty(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2"); + properties.setProperty(SSL_PROTOCOLS, "TLSv1.2"); properties.setProperty(SSL_TRUSTSTORE, getSingleKeyKeystore()); properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); diff --git a/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java b/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java index 15918e0..2d692b8 100644 --- a/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java +++ b/geode-core/src/distributedTest/java/org/apache/geode/management/JMXMBeanDUnitTest.java @@ -125,7 +125,7 @@ public class JMXMBeanDUnitTest implements Serializable { sslProperties.setProperty(SSL_TRUSTSTORE, singleKeystore); sslProperties.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.JMX.getConstant()); - sslProperties.setProperty(SSL_PROTOCOLS, "TLSv1.2,TLSv1.1"); + sslProperties.setProperty(SSL_PROTOCOLS, "TLSv1.2"); sslPropertiesWithMultiKey = new Properties(); sslPropertiesWithMultiKey.putAll(Maps.fromProperties(sslProperties)); diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java index c6503e9..2fc2c07 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorFactoryJUnitTest.java @@ -369,7 +369,7 @@ public class SocketCreatorFactoryJUnitTest { properties.setProperty(SSL_REQUIRE_AUTHENTICATION, "true"); properties.setProperty(SSL_CIPHERS, "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); - properties.setProperty(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2"); + properties.setProperty(SSL_PROTOCOLS, "TLSv1.2"); properties.setProperty(SSL_KEYSTORE, jks.getCanonicalPath()); properties.setProperty(SSL_KEYSTORE_PASSWORD, "password"); properties.setProperty(SSL_KEYSTORE_TYPE, "JKS"); @@ -399,7 +399,7 @@ public class SocketCreatorFactoryJUnitTest { properties.setProperty(SERVER_SSL_ENABLED, "true"); properties.setProperty(SERVER_SSL_CIPHERS, "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); - properties.setProperty(SERVER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2"); + properties.setProperty(SERVER_SSL_PROTOCOLS, "TLSv1.2"); properties.setProperty(SERVER_SSL_KEYSTORE, jks.getCanonicalPath()); properties.setProperty(SERVER_SSL_KEYSTORE_PASSWORD, "password"); properties.setProperty(SERVER_SSL_KEYSTORE_TYPE, "JKS"); @@ -433,7 +433,7 @@ public class SocketCreatorFactoryJUnitTest { properties.setProperty(CLUSTER_SSL_ENABLED, "true"); properties.setProperty(CLUSTER_SSL_CIPHERS, "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); - properties.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2"); + properties.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1.2"); properties.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath()); properties.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password"); properties.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS"); @@ -467,7 +467,7 @@ public class SocketCreatorFactoryJUnitTest { properties.setProperty(JMX_MANAGER_SSL_ENABLED, "true"); properties.setProperty(JMX_MANAGER_SSL_CIPHERS, "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); - properties.setProperty(JMX_MANAGER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2"); + properties.setProperty(JMX_MANAGER_SSL_PROTOCOLS, "TLSv1.2"); properties.setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getCanonicalPath()); properties.setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password"); properties.setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS"); @@ -501,7 +501,7 @@ public class SocketCreatorFactoryJUnitTest { properties.setProperty(GATEWAY_SSL_ENABLED, "true"); properties.setProperty(GATEWAY_SSL_CIPHERS, "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); - properties.setProperty(GATEWAY_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2"); + properties.setProperty(GATEWAY_SSL_PROTOCOLS, "TLSv1.2"); properties.setProperty(GATEWAY_SSL_KEYSTORE, jks.getCanonicalPath()); properties.setProperty(GATEWAY_SSL_KEYSTORE_PASSWORD, "password"); properties.setProperty(GATEWAY_SSL_KEYSTORE_TYPE, "JKS"); @@ -535,7 +535,7 @@ public class SocketCreatorFactoryJUnitTest { properties.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); properties.setProperty(HTTP_SERVICE_SSL_CIPHERS, "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); - properties.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2"); + properties.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1.2"); properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath()); properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE_TYPE, "JKS");