anmolnar commented on PR #2380:
URL: https://github.com/apache/zookeeper/pull/2380#issuecomment-4383482347
How about the following?
No `static` field needed.
```java
private final AtomicReference<String> bestAvailableProtocol = new AtomicReference<>();

/**
 * Return TLSv1.2 when FIPS mode is enabled.
 * Otherwise, returns TLSv1.3 or TLSv1.2 depending on Java runtime version being used.
 * TLSv1.3 was first introduced in JDK11 and back-ported to OpenJDK 8u272.
 */
public String defaultTlsProtocol(ZKConfig config) {
    if (getFipsMode(config)) {
        return TLS_1_2;
    }
    return getBestAvailableProtocol();
}

private String getBestAvailableProtocol() {
    String bestProtocol = bestAvailableProtocol.get();
    if (bestProtocol != null) {
        return bestProtocol;
    }
    String protocol = TLS_1_2;
    List<String> supported = new ArrayList<>();
    try {
        supported = Arrays.asList(SSLContext.getDefault().getSupportedSSLParameters().getProtocols());
        if (supported.contains(TLS_1_3)) {
            protocol = TLS_1_3;
        }
    } catch (NoSuchAlgorithmException e) {
        // Ignore.
    }
    if (bestAvailableProtocol.compareAndSet(null, protocol)) {
        LOG.info("Default TLS protocol is {}, supported TLS protocols are {}", protocol, supported);
    } else {
        protocol = bestAvailableProtocol.get();
    }
    return protocol;
}
```