]> source.dussan.org Git - sonarqube.git/commitdiff
SONAR-14854 Support TLSv1.3,TLSv1.2 for Elasticsearch transport connection encryption
authorJacek <jacek.poreda@sonarsource.com>
Tue, 22 Jun 2021 12:53:22 +0000 (14:53 +0200)
committersonartech <sonartech@sonarsource.com>
Thu, 16 Dec 2021 20:03:10 +0000 (20:03 +0000)
(cherry picked from commit ae64c01c99b4ef368eac2f4e31fd51f454c12443)

server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java
server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java

index 30c5b0e77299db0a1253632e90d4b53a3213c305..79072191cce30df44d14de163545c283769887e0 100644 (file)
@@ -118,6 +118,7 @@ public class EsSettings {
 
       builder.put("xpack.security.enabled", "true");
       builder.put("xpack.security.transport.ssl.enabled", "true");
+      builder.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.3,TLSv1.2");
       builder.put("xpack.security.transport.ssl.verification_mode", "certificate");
       builder.put("xpack.security.transport.ssl.keystore.path", clusterESKeystoreFileName);
       builder.put("xpack.security.transport.ssl.truststore.path", clusterESTruststoreFileName);
index 23722f2624d61df14b6d555012310ab4573bd5ea..cdceb3b305ffaa0569a624041a6d142dbfd2f2e7 100644 (file)
@@ -390,7 +390,9 @@ public class EsSettingsTest {
 
     Map<String, String> outputParams = settings.build();
 
-    assertThat(outputParams).containsEntry("xpack.security.transport.ssl.enabled", "true")
+    assertThat(outputParams)
+      .containsEntry("xpack.security.transport.ssl.enabled", "true")
+      .containsEntry("xpack.security.transport.ssl.supported_protocols", "TLSv1.3,TLSv1.2")
       .containsEntry("xpack.security.transport.ssl.keystore.path", keystore.getName())
       .containsEntry("xpack.security.transport.ssl.truststore.path", truststore.getName());
   }