Use TLSv1.3 as default for Cross Site

infinispan · Dec 12, 2023 · 8548d5a · 8548d5a
1 parent 7c06555
commit 8548d5a
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/api/v1/types_util.go b/api/v1/types_util.go
@@ -851,7 +851,7 @@ func (ispn *Infinispan) GetSiteTLSProtocol() string {
 	if !ispn.IsSiteTLSEnabled() {
 		return ""
 	}
-	return consts.GetWithDefault(string(ispn.Spec.Service.Sites.Local.Encryption.Protocol), string(TLSVersion12))
+	return consts.GetWithDefault(string(ispn.Spec.Service.Sites.Local.Encryption.Protocol), string(TLSVersion13))
 }
 
 // GetSiteTransportSecretName returns the secret name for the transport TLS keystore

diff --git a/documentation/asciidoc/topics/ref_cross_site_tls_resources.adoc b/documentation/asciidoc/topics/ref_cross_site_tls_resources.adoc
@@ -11,7 +11,7 @@ The following tables provides fields and descriptions for encrypting cross-site
 |Description
 
 |`service.type.sites.local.encryption.protocol`
-|Specifies the TLS protocol to use for cross-site connections. The default value is `TLSv1.2` but you can set `TLSv1.3` if required.
+|Specifies the TLS protocol to use for cross-site connections. The default value is `TLSv1.3` but you can set `TLSv1.2` if required.
 
 |`service.type.sites.local.encryption.transportKeyStore`
 |Configures a keystore secret for relay pods.

diff --git a/test/e2e/xsite/xsite_test.go b/test/e2e/xsite/xsite_test.go
@@ -193,9 +193,9 @@ func TestDefaultTLSInternal(t *testing.T) {
 	testCrossSiteView(t, false, false, "", ispnv1.CrossSiteExposeTypeClusterIP, 0, 1, DefaultTLS, nil)
 }
 
-// TestDefaultTLSInternalVersion3 tests if the TLSv1.3 connection works for internal cross-site communication
-func TestDefaultTLSInternalVersion3(t *testing.T) {
-	protocol := ispnv1.TLSVersion13
+// TestDefaultTLSInternalVersion2 tests if the TLSv1.2 connection works for internal cross-site communication
+func TestDefaultTLSInternalVersion2(t *testing.T) {
+	protocol := ispnv1.TLSVersion12
 	testCrossSiteView(t, false, false, "", ispnv1.CrossSiteExposeTypeClusterIP, 0, 1, DefaultTLS, &protocol)
 }
 
@@ -204,9 +204,9 @@ func TestSingleTLSInternal(t *testing.T) {
 	testCrossSiteView(t, false, false, "", ispnv1.CrossSiteExposeTypeClusterIP, 0, 1, SingleKeyStoreTLS, nil)
 }
 
-// TestSingleTLSInternalVersion3 tests if the TLSv1.3 connection works for internal cross-site communication and custom keystore and truststore
-func TestSingleTLSInternalVersion3(t *testing.T) {
-	protocol := ispnv1.TLSVersion13
+// TestSingleTLSInternalVersion2 tests if the TLSv1.2 connection works for internal cross-site communication and custom keystore and truststore
+func TestSingleTLSInternalVersion2(t *testing.T) {
+	protocol := ispnv1.TLSVersion12
 	testCrossSiteView(t, false, false, "", ispnv1.CrossSiteExposeTypeClusterIP, 0, 1, SingleKeyStoreTLS, &protocol)
 }