From d76660e7426c25546649f4052995d1d92cbe8937 Mon Sep 17 00:00:00 2001 From: Jacek Date: Tue, 22 Jun 2021 14:53:22 +0200 Subject: [PATCH] SONAR-14854 Support TLSv1.3,TLSv1.2 for Elasticsearch transport connection encryption (cherry picked from commit ae64c01c99b4ef368eac2f4e31fd51f454c12443) --- .../src/main/java/org/sonar/application/es/EsSettings.java | 1 + .../test/java/org/sonar/application/es/EsSettingsTest.java | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java b/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java index 30c5b0e7729..79072191cce 100644 --- a/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java +++ b/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java @@ -118,6 +118,7 @@ public class EsSettings { builder.put("xpack.security.enabled", "true"); builder.put("xpack.security.transport.ssl.enabled", "true"); + builder.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.3,TLSv1.2"); builder.put("xpack.security.transport.ssl.verification_mode", "certificate"); builder.put("xpack.security.transport.ssl.keystore.path", clusterESKeystoreFileName); builder.put("xpack.security.transport.ssl.truststore.path", clusterESTruststoreFileName); diff --git a/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java b/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java index 23722f2624d..cdceb3b305f 100644 --- a/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java +++ b/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java @@ -390,7 +390,9 @@ public class EsSettingsTest { Map outputParams = settings.build(); - assertThat(outputParams).containsEntry("xpack.security.transport.ssl.enabled", "true") + assertThat(outputParams) + .containsEntry("xpack.security.transport.ssl.enabled", "true") + .containsEntry("xpack.security.transport.ssl.supported_protocols", "TLSv1.3,TLSv1.2") .containsEntry("xpack.security.transport.ssl.keystore.path", keystore.getName()) .containsEntry("xpack.security.transport.ssl.truststore.path", truststore.getName()); } -- 2.39.5