@jkakavas
Contributor

Ensure that the SSLConfigurationReloaderTests can run with JDK 11
by pinning the Server TLS version to TLS1.2

Resolves #32124

@jkakavas added the labels >test, v7.0.0, :Security/TLS, v6.5.0 on Aug 24, 2018
@jkakavas requested a review from tvernum on August 24, 2018 11:39
@elasticmachine
Collaborator

Pinging @elastic/es-security

Member

@jaymode jaymode left a comment

LGTM

@jkakavas merged commit 214652d into elastic:master on Aug 30, 2018
@jkakavas deleted the test-tls12-gracefull-downgrade branch on September 14, 2018 06:48
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Sep 14, 2018
Ensure that the SSLConfigurationReloaderTests can run with JDK 11
by pinning the HttpClient TLS version to TLS1.2. This is necessary
because even if the MockWebServer is set to use TLS1.2, we don't
set its enabled protocols, so if it receives a TLS1.3 request (which
is the default behavior for HttpClient in JDK11), it will use TLS1.3
and the original issue will manifest again.

Relates elastic#33127
Resolves elastic#32124
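
Added example, not code from this pull request or from Elasticsearch: the commit message above distinguishes the protocol name an SSLContext is created with from the protocols a server-side endpoint actually has enabled. The sketch below prints both for the running JDK and shows pinning through SSLParameters; the class and method names are hypothetical, and no handshake or certificate is involved.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;

public class ServerProtocolPinning {

    // Protocols a server-mode engine from this context would accept by default.
    static String[] serverEnabledProtocols(SSLContext context) {
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(false);
        return engine.getEnabledProtocols();
    }

    // Server-mode engine restricted to exactly the given protocol versions.
    static SSLEngine pinnedServerEngine(SSLContext context, String... protocols) {
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(false);
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(protocols);
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // The context is requested by name, as a test server configured "for TLS1.2" would do.
        SSLContext context = SSLContext.getInstance("TLSv1.2");
        context.init(null, null, null); // default key/trust managers are enough to inspect settings

        // Client-side defaults of the same context, for comparison.
        String[] clientDefaults = context.getDefaultSSLParameters().getProtocols();

        System.out.println("JDK version:             " + System.getProperty("java.version"));
        System.out.println("context protocol name:   " + context.getProtocol());
        System.out.println("client defaults:         " + Arrays.toString(clientDefaults));
        System.out.println("server engine, unpinned: "
                + Arrays.toString(serverEnabledProtocols(context)));
        System.out.println("server engine, pinned:   "
                + Arrays.toString(pinnedServerEngine(context, "TLSv1.2").getEnabledProtocols()));
    }
}
```

If the unpinned server list contains a version newer than the one the test expects, the server will negotiate it whenever the client offers it, which is the situation the commit message describes.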
jkakavas added a commit that referenced this pull request Sep 14, 2018
jaymode added a commit to jaymode/elasticsearch that referenced this pull request Sep 28, 2018
Revert "[TESTS] Pin MockWebServer to TLS1.2 (elastic#33127)" (commit
214652d) and "Pin TLS1.2 in SSLConfigurationReloaderTests" (commit
d9f5e4f), which pinned the MockWebServer used in the
SSLConfigurationReloaderTests to TLSv1.2 in order to prevent failures
with JDK 11 related to ssl session invalidation. We no longer need this
pinning as the problematic code was fixed in elastic#34130.
jaymode added a commit that referenced this pull request Oct 2, 2018
kcm pushed a commit that referenced this pull request Oct 30, 2018
Labels

:Security/TLS SSL/TLS, Certificates >test Issues or PRs that are addressing/adding tests v6.5.0 v7.0.0-beta1
