@@ -78,6 +78,7 @@ public void cleanup() throws Exception {
7878 /**
7979 * Tests reloading a keystore that is used in the KeyManager of SSLContext
8080 */
81+ @ AwaitsFix (bugUrl = "https://github.com/elastic/elasticsearch/issues/32124" )
8182 public void testReloadingKeyStore () throws Exception {
8283 assumeFalse ("Can't run in a FIPS JVM" , inFipsJvm ());
8384 final Path tempDir = createTempDir ();
@@ -191,6 +192,7 @@ public void testPEMKeyConfigReloading() throws Exception {
191192 * Tests the reloading of SSLContext when the trust store is modified. The same store is used as a TrustStore (for the
192193 * reloadable SSLContext used in the HTTPClient) and as a KeyStore for the MockWebServer
193194 */
195+ @ AwaitsFix (bugUrl = "https://github.com/elastic/elasticsearch/issues/32124" )
194196 public void testReloadingTrustStore () throws Exception {
195197 assumeFalse ("Can't run in a FIPS JVM" , inFipsJvm ());
196198 Path tempDir = createTempDir ();
@@ -477,9 +479,7 @@ private static MockWebServer getSslServer(Path keyStorePath, String keyStorePass
477479 try (InputStream is = Files .newInputStream (keyStorePath )) {
478480 keyStore .load (is , keyStorePass .toCharArray ());
479481 }
480- // TODO Revisit TLS1.2 pinning when TLS1.3 is fully supported
481- // https://github.com/elastic/elasticsearch/issues/32276
482- final SSLContext sslContext = new SSLContextBuilder ().useProtocol ("TLSv1.2" ).loadKeyMaterial (keyStore , keyStorePass .toCharArray ())
482+ final SSLContext sslContext = new SSLContextBuilder ().loadKeyMaterial (keyStore , keyStorePass .toCharArray ())
483483 .build ();
484484 MockWebServer server = new MockWebServer (sslContext , false );
485485 server .enqueue (new MockResponse ().setResponseCode (200 ).setBody ("body" ));
@@ -493,9 +493,7 @@ private static MockWebServer getSslServer(Path keyPath, Path certPath, String pa
493493 keyStore .load (null , password .toCharArray ());
494494 keyStore .setKeyEntry ("testnode_ec" , PemUtils .readPrivateKey (keyPath , password ::toCharArray ), password .toCharArray (),
495495 CertParsingUtils .readCertificates (Collections .singletonList (certPath )));
496- // TODO Revisit TLS1.2 pinning when TLS1.3 is fully supported
497- // https://github.com/elastic/elasticsearch/issues/32276
498- final SSLContext sslContext = new SSLContextBuilder ().useProtocol ("TLSv1.2" ).loadKeyMaterial (keyStore , password .toCharArray ())
496+ final SSLContext sslContext = new SSLContextBuilder ().loadKeyMaterial (keyStore , password .toCharArray ())
499497 .build ();
500498 MockWebServer server = new MockWebServer (sslContext , false );
501499 server .enqueue (new MockResponse ().setResponseCode (200 ).setBody ("body" ));
@@ -510,7 +508,7 @@ private static CloseableHttpClient getSSLClient(Path trustStorePath, String trus
510508 try (InputStream is = Files .newInputStream (trustStorePath )) {
511509 trustStore .load (is , trustStorePass .toCharArray ());
512510 }
513- final SSLContext sslContext = new SSLContextBuilder ().useProtocol ( "TLSv1.2" ). loadTrustMaterial (trustStore , null ).build ();
511+ final SSLContext sslContext = new SSLContextBuilder ().loadTrustMaterial (trustStore , null ).build ();
514512 return HttpClients .custom ().setSSLContext (sslContext ).build ();
515513 }
516514
@@ -527,7 +525,7 @@ private static CloseableHttpClient getSSLClient(List<Path> trustedCertificatePat
527525 for (Certificate cert : CertParsingUtils .readCertificates (trustedCertificatePaths )) {
528526 trustStore .setCertificateEntry (cert .toString (), cert );
529527 }
530- final SSLContext sslContext = new SSLContextBuilder ().useProtocol ( "TLSv1.2" ). loadTrustMaterial (trustStore , null ).build ();
528+ final SSLContext sslContext = new SSLContextBuilder ().loadTrustMaterial (trustStore , null ).build ();
531529 return HttpClients .custom ().setSSLContext (sslContext ).build ();
532530 }
533531
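Review bot: The four `new SSLContextBuilder()` calls in the `getSslServer` and `getSSLClient` overloads no longer state which protocol they expect. The commit removes `useProtocol("TLSv1.2")` together with the TODO that pointed at issue 32276, so the TLS version negotiated between the mock server and the client presumably depends on the builder default and on what the running JVM enables. If that is intended, say so at each call, e.g. `// protocol intentionally left at the builder default; negotiated version depends on the JVM`. The same commit mutes `testReloadingKeyStore` and `testReloadingTrustStore` with `@AwaitsFix`, so the two tests whose Javadoc describes keystore and truststore reloading will not run against the unpinned contexts; whether the other tests in the file cover these helpers is not visible here. The helper bodies begin outside their hunks.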