more reduce grants and minor clean up
jakelandis committed Nov 14, 2023
1 parent a6bbdae commit b76baf8
Showing 3 changed files with 1 addition and 16 deletions.
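--- a/build-tools-internal/src/main/resources/fips_java.policy
+++ b/build-tools-internal/src/main/resources/fips_java.policy
@@ -4,11 +4,6 @@ grant {
 permission java.security.SecurityPermission "getProperty.keystore.type.compat";
 permission java.security.SecurityPermission "getProperty.jdk.tls.disabledAlgorithms";
 permission java.security.SecurityPermission "getProperty.jdk.certpath.disabledAlgorithms";
-permission java.security.SecurityPermission "getProperty.jdk.tls.server.defaultDHEParameters";
-permission java.security.SecurityPermission "getProperty.org.bouncycastle.ec.disable_f2m";
-permission java.security.SecurityPermission "getProperty.org.bouncycastle.ec.disable";
-permission java.security.SecurityPermission "getProperty.org.bouncycastle.tripledes.allow_weak";
-permission java.security.SecurityPermission "getProperty.org.bouncycastle.drbg.gather_pause_secs";
 permission java.lang.RuntimePermission "getProtectionDomain";
 permission java.util.PropertyPermission "java.runtime.name", "read";
 permission org.bouncycastle.crypto.CryptoServicesPermission "tlsAlgorithmsEnabled";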
Expand Up @@ -53,12 +53,7 @@ public record SslConfiguration(

static {
LinkedHashMap<String, String> protocolAlgorithmMap = new LinkedHashMap<>();
try {
SSLContext.getInstance("TLSv1.3");
protocolAlgorithmMap.put("TLSv1.3", "TLSv1.3");
} catch (NoSuchAlgorithmException e) {
// ignore since we support JVMs using BCJSSE in FIPS mode which doesn't support TLSv1.3 //TODO: -> can i remove this ?
}
protocolAlgorithmMap.put("TLSv1.3", "TLSv1.3");
protocolAlgorithmMap.put("TLSv1.2", "TLSv1.2");
protocolAlgorithmMap.put("TLSv1.1", "TLSv1.1");
protocolAlgorithmMap.put("TLSv1", "TLSv1");
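Review bot: The now-unconditional `protocolAlgorithmMap.put("TLSv1.3", "TLSv1.3");` drops the provider probe without recording why that is safe. The removed comment said the probe existed for JVMs using BCJSSE in FIPS mode without TLSv1.3, and it ended in an open TODO. If any supported provider still lacks TLSv1.3, the `NoSuchAlgorithmException` presumably surfaces later, wherever a context is built from this map, rather than being skipped here. Once that is confirmed, I would add a comment such as `// every supported JSSE provider, including BCJSSE in FIPS mode, implements TLSv1.3` and cover the FIPS configuration with a test that builds a TLSv1.3 context. The static initializer starts and ends outside the hunk, so how the map is consumed is not visible here.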
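--- a/test/test-clusters/src/main/resources/fips/fips_java.policy
+++ b/test/test-clusters/src/main/resources/fips/fips_java.policy
@@ -4,11 +4,6 @@ grant {
 permission java.security.SecurityPermission "getProperty.keystore.type.compat";
 permission java.security.SecurityPermission "getProperty.jdk.tls.disabledAlgorithms";
 permission java.security.SecurityPermission "getProperty.jdk.certpath.disabledAlgorithms";
-permission java.security.SecurityPermission "getProperty.jdk.tls.server.defaultDHEParameters";
-permission java.security.SecurityPermission "getProperty.org.bouncycastle.ec.disable_f2m";
-permission java.security.SecurityPermission "getProperty.org.bouncycastle.ec.disable";
-permission java.security.SecurityPermission "getProperty.org.bouncycastle.tripledes.allow_weak";
-permission java.security.SecurityPermission "getProperty.org.bouncycastle.drbg.gather_pause_secs";
 permission java.lang.RuntimePermission "getProtectionDomain";
 permission java.util.PropertyPermission "java.runtime.name", "read";
 permission org.bouncycastle.crypto.CryptoServicesPermission "tlsAlgorithmsEnabled";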
