Skip to content

Commit c3cdf84

Browse files
jaymodejaymode
authored
Fix SSLContext pinning to TLSV1.2 in reload tests (#38341)
This commit fixes the pinning of SSLContexts to TLSv1.2 in the SSLConfigurationReloaderTests. The pinning was added for the initial creation of clients and webservers but the updated contexts would default to TLSv1.3, which is known to cause hangs with the MockWebServer that we use. Relates #38103 Closes #38247
1 parent 0ced775 commit c3cdf84

File tree

1 file changed

+9
-2
lines changed

1 file changed

+9
-2
lines changed

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloaderTests.java

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,7 @@ public void testReloadingKeyStore() throws Exception {
9191
final Settings settings = Settings.builder()
9292
.put("path.home", createTempDir())
9393
.put("xpack.security.transport.ssl.keystore.path", keystorePath)
94+
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
9495
.setSecureSettings(secureSettings)
9596
.build();
9697
final Environment env = randomBoolean() ? null : TestEnvironment.newEnvironment(settings);
@@ -149,6 +150,7 @@ public void testPEMKeyConfigReloading() throws Exception {
149150
.put("xpack.security.transport.ssl.key", keyPath)
150151
.put("xpack.security.transport.ssl.certificate", certPath)
151152
.putList("xpack.security.transport.ssl.certificate_authorities", certPath.toString())
153+
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
152154
.setSecureSettings(secureSettings)
153155
.build();
154156
final Environment env = randomBoolean() ? null :
@@ -193,7 +195,6 @@ public void testPEMKeyConfigReloading() throws Exception {
193195
* Tests the reloading of SSLContext when the trust store is modified. The same store is used as a TrustStore (for the
194196
* reloadable SSLContext used in the HTTPClient) and as a KeyStore for the MockWebServer
195197
*/
196-
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/38247")
197198
public void testReloadingTrustStore() throws Exception {
198199
assumeFalse("Can't run in a FIPS JVM", inFipsJvm());
199200
Path tempDir = createTempDir();
@@ -206,6 +207,7 @@ public void testReloadingTrustStore() throws Exception {
206207
secureSettings.setString("xpack.security.transport.ssl.truststore.secure_password", "testnode");
207208
Settings settings = Settings.builder()
208209
.put("xpack.security.transport.ssl.truststore.path", trustStorePath)
210+
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
209211
.put("path.home", createTempDir())
210212
.setSecureSettings(secureSettings)
211213
.build();
@@ -241,10 +243,10 @@ public void testReloadingTrustStore() throws Exception {
241243
validateSSLConfigurationIsReloaded(settings, env, trustMaterialPreChecks, modifier, trustMaterialPostChecks);
242244
}
243245
}
246+
244247
/**
245248
* Test the reloading of SSLContext whose trust config is backed by PEM certificate files.
246249
*/
247-
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/38247")
248250
public void testReloadingPEMTrustConfig() throws Exception {
249251
Path tempDir = createTempDir();
250252
Path serverCertPath = tempDir.resolve("testnode.crt");
@@ -257,6 +259,7 @@ public void testReloadingPEMTrustConfig() throws Exception {
257259
Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode_updated.crt"), updatedCert);
258260
Settings settings = Settings.builder()
259261
.putList("xpack.security.transport.ssl.certificate_authorities", serverCertPath.toString())
262+
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
260263
.put("path.home", createTempDir())
261264
.build();
262265
Environment env = randomBoolean() ? null : TestEnvironment.newEnvironment(settings);
@@ -305,6 +308,7 @@ public void testReloadingKeyStoreException() throws Exception {
305308
secureSettings.setString("xpack.security.transport.ssl.keystore.secure_password", "testnode");
306309
Settings settings = Settings.builder()
307310
.put("xpack.security.transport.ssl.keystore.path", keystorePath)
311+
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
308312
.setSecureSettings(secureSettings)
309313
.put("path.home", createTempDir())
310314
.build();
@@ -346,6 +350,7 @@ public void testReloadingPEMKeyConfigException() throws Exception {
346350
.put("xpack.security.transport.ssl.key", keyPath)
347351
.put("xpack.security.transport.ssl.certificate", certPath)
348352
.putList("xpack.security.transport.ssl.certificate_authorities", certPath.toString(), clientCertPath.toString())
353+
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
349354
.put("path.home", createTempDir())
350355
.setSecureSettings(secureSettings)
351356
.build();
@@ -381,6 +386,7 @@ public void testTrustStoreReloadException() throws Exception {
381386
secureSettings.setString("xpack.security.transport.ssl.truststore.secure_password", "testnode");
382387
Settings settings = Settings.builder()
383388
.put("xpack.security.transport.ssl.truststore.path", trustStorePath)
389+
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
384390
.put("path.home", createTempDir())
385391
.setSecureSettings(secureSettings)
386392
.build();
@@ -414,6 +420,7 @@ public void testPEMTrustReloadException() throws Exception {
414420
Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath);
415421
Settings settings = Settings.builder()
416422
.putList("xpack.security.transport.ssl.certificate_authorities", clientCertPath.toString())
423+
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
417424
.put("path.home", createTempDir())
418425
.build();
419426
Environment env = randomBoolean() ? null : TestEnvironment.newEnvironment(settings);

0 commit comments

Comments
 (0)