[jira] [Work logged] (KNOX-2864) Make TLS protocol and cipher suites configurable with CM service discovery

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-2864?focusedWorklogId=841500&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-841500
 ]

ASF GitHub Bot logged work on KNOX-2864:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 25/Jan/23 09:01
            Start Date: 25/Jan/23 09:01
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on code in PR #717:
URL: https://github.com/apache/knox/pull/717#discussion_r1086364626


##########
gateway-discovery-cm/src/main/java/org/apache/knox/gateway/topology/discovery/cm/DiscoveryApiClient.java:
##########
@@ -157,12 +161,26 @@ private String getUsername() {
     return username;
   }
 
-  private void configureTruststore(KeystoreService keystoreService) {
-    SSLContext truststoreSSLContext = 
TruststoreSSLContextUtils.getTruststoreSSLContext(keystoreService);
+  private void configureSsl(GatewayConfig gatewayConfig, KeyStore trustStore) {
+    final SSLContext truststoreSSLContext = 
TruststoreSSLContextUtils.getTruststoreSSLContext(trustStore);
+
     if (truststoreSSLContext != null) {
+      final ConnectionSpec.Builder connectionSpecBuilder = new 
ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS);
+      if (gatewayConfig.getIncludedSSLCiphers().isEmpty()) {

Review Comment:
   Ohh...and you are right. I added a new method - `getIncludedSSLProtocols` - 
I misread and thought your question was about that one. Let me submit a new PS 
soon.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 841500)
    Time Spent: 50m  (was: 40m)

> Make TLS protocol and cipher suites configurable with CM service discovery
> --------------------------------------------------------------------------
>
>                 Key: KNOX-2864
>                 URL: https://issues.apache.org/jira/browse/KNOX-2864
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: cm-discovery, Server
>    Affects Versions: 2.0.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 2.1.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> The goal of this Jira is to guarantee:
>  * Knox picks up defaults in Java's {{java.security}} file in terms of 
> disabled algorithms as well as TLS protocols and cipher suites
>  * Also, we want these attributes to be configurable in the 
> [DiscoveryApiClient|https://github.com/apache/knox/blob/master/gateway-discovery-cm/src/main/java/org/apache/knox/gateway/topology/discovery/cm/DiscoveryApiClient.java]
>  class using the already existing gateway-level config.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)