QPID-8353: [Broker-J] Add TLSv1.3 into TLS protocol preferences
This closes #38
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index 0ffab92..01c11d3 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -43,7 +43,6 @@
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
-import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
@@ -89,10 +88,7 @@
private static final Logger LOGGER = LoggerFactory.getLogger(SSLUtil.class);
private static final Integer DNS_NAME_TYPE = 2;
- private static final String[] TLS_PROTOCOL_PREFERENCES = new String[]{"TLSv1.2", "TLSv1.1", "TLS", "TLSv1"};
-
-
- private static final SecureRandom RANDOM = new SecureRandom();
+ private static final String[] TLS_PROTOCOL_PREFERENCES = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLS", "TLSv1"};
private static final Constructor<?> CONSTRUCTOR;
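Review bot: The new `TLS_PROTOCOL_PREFERENCES` still carries `"TLSv1.1"`, the generic `"TLS"` and `"TLSv1"` as fallbacks, with no comment on why they remain or how the order is used. The code that consumes the array is outside this hunk, so this is inferred: if the names are tried in order until the runtime accepts one, a JRE without TLSv1.3 falls through silently and could end on a context named for a version deprecated by RFC 8996. I would add a comment above the constant, for example `// Tried in order; the first name the JRE supports wins. Legacy names are kept only for older runtimes; negotiated versions are restricted by the protocol whitelist/blacklist.`, after confirming that this is what the consuming code does. Logging the selected name once at startup would make any fallback visible to operators.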
diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
index 7498b6a..81d928a 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
@@ -72,9 +72,9 @@
{
List<String> whiteList = Arrays.asList("TLSv1\\.[0-9]+");
List<String> blackList = Collections.emptyList();
- String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2"};
- String[] expected = {"TLSv1.1", "TLSv1.2"};
- String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2"};
+ String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
+ String[] expected = {"TLSv1.1", "TLSv1.2", "TLSv1.3"};
+ String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));
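Review bot: The `"TLSv1.3"` entries added here and in the blacklist test below only show that the existing `TLSv1\\.[0-9]+` pattern matches one more string; nothing in this file covers the reordered `TLS_PROTOCOL_PREFERENCES`, which is the behavioural change in this commit. A test that obtains a context through whatever method consumes that array (not visible in this diff) and asserts the selected protocol name on a TLSv1.3-capable runtime would pin the new preference. The whitelist expectation also still includes `"TLSv1.1"`, so a comment such as `// pattern-matching fixture only, not a recommended protocol set` would keep the fixture from being copied into broker configuration. The enclosing test methods start and end outside the hunks.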
@@ -85,9 +85,9 @@
{
List<String> whiteList = Arrays.asList();
List<String> blackList = Arrays.asList("TLSv1\\.[0-9]+");
- String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2"};
+ String[] enabled = {"TLS", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] expected = {"TLS"};
- String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2"};
+ String[] supported = {"SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] result = SSLUtil.filterEntries(enabled, supported, whiteList, blackList);
assertTrue("unexpected filtered list: expected " + Arrays.toString(expected) + " actual " + Arrays.toString(
result), Arrays.equals(expected, result));