Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix #5125 allowing for TLS 1.3 only support #5128

Merged
merged 1 commit into from
May 24, 2023
Merged

fix #5125 allowing for TLS 1.3 only support #5128

merged 1 commit into from
May 24, 2023

Conversation

shawkins
Copy link
Contributor

@shawkins shawkins commented May 15, 2023
edited by manusa
Loading

Description

Fixes #5125 by enabling support for TLS 1.3 as well as 1.2 and creating the context off of the latest known version. The other option is to use getInstance("TLS") - but I couldn't determine if that would guarantee the latest support as for older vm, which had 1.3 support added later still appear to default to 1.2.

@vietj can you check how this should be supported with vertx? The are some refinements here related to this, but as far as I can tell TLS 1.2 is still supported even if we specify only TLS 1.3 client support. Should we still be using JdkSSLEngineOptions even if we are also providing the KeyManagers and TrustManagers?

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • Feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change
  • Chore (non-breaking change which doesn't affect codebase;
    test, version modification, documentation, etc.)

Checklist

  • Code contributed by me aligns with current project license: Apache 2.0
  • I Added CHANGELOG entry regarding this change
  • I have implemented unit tests to cover my changes
  • I have added/updated the javadocs and other documentation accordingly
  • No new bugs, code smells, etc. in SonarCloud report
  • I tested my code in Kubernetes
  • I tested my code in OpenShift

@shawkins shawkins marked this pull request as ready for review May 15, 2023 11:07
@manusa manusa added this to the 6.7.0 milestone May 24, 2023
@sonarqubecloud
Copy link

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell B 4 Code Smells

52.0% 52.0% Coverage
0.0% 0.0% Duplication

@manusa manusa merged commit 1050f1f into fabric8io:master May 24, 2023
@manusa manusa mentioned this pull request May 24, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rohanKanojia rohanKanojia rohanKanojia approved these changes

@oscerd oscerd oscerd approved these changes

@manusa manusa manusa approved these changes

@sunix sunix Awaiting requested review from sunix

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
6.7.0
Development

Successfully merging this pull request may close these issues.

Can not connect to API server enforcing TLS 1.3
4 participants
@shawkins @manusa @oscerd @rohanKanojia