From: Jacek Date: Tue, 22 Jun 2021 12:53:22 +0000 (+0200) Subject: SONAR-14854 Support TLSv1.3,TLSv1.2 for Elasticsearch transport connection encryption X-Git-Tag: 9.0.0.45539~55 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=fda0ba7738a8d87d302d460cba6fd490552aca79;p=sonarqube.git SONAR-14854 Support TLSv1.3,TLSv1.2 for Elasticsearch transport connection encryption --- diff --git a/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java b/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java index 30c5b0e7729..79072191cce 100644 --- a/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java +++ b/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java @@ -118,6 +118,7 @@ public class EsSettings { builder.put("xpack.security.enabled", "true"); builder.put("xpack.security.transport.ssl.enabled", "true"); + builder.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.3,TLSv1.2"); builder.put("xpack.security.transport.ssl.verification_mode", "certificate"); builder.put("xpack.security.transport.ssl.keystore.path", clusterESKeystoreFileName); builder.put("xpack.security.transport.ssl.truststore.path", clusterESTruststoreFileName); diff --git a/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java b/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java index 23722f2624d..cdceb3b305f 100644 --- a/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java +++ b/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java @@ -390,7 +390,9 @@ public class EsSettingsTest { Map outputParams = settings.build(); - assertThat(outputParams).containsEntry("xpack.security.transport.ssl.enabled", "true") + assertThat(outputParams) + .containsEntry("xpack.security.transport.ssl.enabled", "true") + .containsEntry("xpack.security.transport.ssl.supported_protocols", "TLSv1.3,TLSv1.2") .containsEntry("xpack.security.transport.ssl.keystore.path", keystore.getName()) .containsEntry("xpack.security.transport.ssl.truststore.path", truststore.getName()); }