SONAR-14854 Support TLSv1.3,TLSv1.2 for Elasticsearch transport connection encryption

author Jacek <jacek.poreda@sonarsource.com>

Tue, 22 Jun 2021 12:53:22 +0000 (14:53 +0200)

committer sonartech <sonartech@sonarsource.com>

Thu, 16 Dec 2021 20:03:10 +0000 (20:03 +0000)
author Jacek <jacek.poreda@sonarsource.com>
Tue, 22 Jun 2021 12:53:22 +0000 (14:53 +0200)
committer sonartech <sonartech@sonarsource.com>
Thu, 16 Dec 2021 20:03:10 +0000 (20:03 +0000)
diff --git a/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java b/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java

index 30c5b0e77299db0a1253632e90d4b53a3213c305..79072191cce30df44d14de163545c283769887e0 100644 (file)
--- a/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java
+++ b/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java
@@ -118,6 +118,7 @@ public class EsSettings {
  
        builder.put("xpack.security.enabled", "true");
        builder.put("xpack.security.transport.ssl.enabled", "true");
+      builder.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.3,TLSv1.2");
        builder.put("xpack.security.transport.ssl.verification_mode", "certificate");
        builder.put("xpack.security.transport.ssl.keystore.path", clusterESKeystoreFileName);
        builder.put("xpack.security.transport.ssl.truststore.path", clusterESTruststoreFileName);
diff --git a/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java b/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java

index 23722f2624d61df14b6d555012310ab4573bd5ea..cdceb3b305ffaa0569a624041a6d142dbfd2f2e7 100644 (file)
--- a/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java
+++ b/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java
@@ -390,7 +390,9 @@ public class EsSettingsTest {
  
      Map<String, String> outputParams = settings.build();
  
-    assertThat(outputParams).containsEntry("xpack.security.transport.ssl.enabled", "true")
+    assertThat(outputParams)
+      .containsEntry("xpack.security.transport.ssl.enabled", "true")
+      .containsEntry("xpack.security.transport.ssl.supported_protocols", "TLSv1.3,TLSv1.2")
        .containsEntry("xpack.security.transport.ssl.keystore.path", keystore.getName())
        .containsEntry("xpack.security.transport.ssl.truststore.path", truststore.getName());
    }
author	Jacek <jacek.poreda@sonarsource.com>
	Tue, 22 Jun 2021 12:53:22 +0000 (14:53 +0200)
committer	sonartech <sonartech@sonarsource.com>
	Thu, 16 Dec 2021 20:03:10 +0000 (20:03 +0000)
server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java		patch \| blob \| history
server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java		patch \| blob \| history