From 8548d5a4f7e31137aa9ae959c1c91b75ac01d5f6 Mon Sep 17 00:00:00 2001
From: Pedro Ruivo
Date: Tue, 6 Sep 2022 14:11:20 +0100
Subject: [PATCH] Use TLSv1.3 as default for Cross Site
---
 api/v1/types_util.go | 2 +-
 .../topics/ref_cross_site_tls_resources.adoc | 2 +-
 test/e2e/xsite/xsite_test.go | 12 ++++++------
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/api/v1/types_util.go b/api/v1/types_util.go
index 53a61c3d9..86c98ac0d 100644
--- a/api/v1/types_util.go
+++ b/api/v1/types_util.go
@@ -851,7 +851,7 @@ func (ispn *Infinispan) GetSiteTLSProtocol() string {
 if !ispn.IsSiteTLSEnabled() {
 return ""
 }
- return consts.GetWithDefault(string(ispn.Spec.Service.Sites.Local.Encryption.Protocol), string(TLSVersion12))
+ return consts.GetWithDefault(string(ispn.Spec.Service.Sites.Local.Encryption.Protocol), string(TLSVersion13))
 }
 // GetSiteTransportSecretName returns the secret name for the transport TLS keystore
diff --git a/documentation/asciidoc/topics/ref_cross_site_tls_resources.adoc b/documentation/asciidoc/topics/ref_cross_site_tls_resources.adoc
index 2f3f7ac5a..ffd334ac0 100644
--- a/documentation/asciidoc/topics/ref_cross_site_tls_resources.adoc
+++ b/documentation/asciidoc/topics/ref_cross_site_tls_resources.adoc
@@ -11,7 +11,7 @@ The following tables provides fields and descriptions for encrypting cross-site
 |Description
 |`service.type.sites.local.encryption.protocol`
-|Specifies the TLS protocol to use for cross-site connections. The default value is `TLSv1.2` but you can set `TLSv1.3` if required.
+|Specifies the TLS protocol to use for cross-site connections. The default value is `TLSv1.3` but you can set `TLSv1.2` if required.
 |`service.type.sites.local.encryption.transportKeyStore`
 |Configures a keystore secret for relay pods.
diff --git a/test/e2e/xsite/xsite_test.go b/test/e2e/xsite/xsite_test.go
index 88e37efbe..92a689d8f 100644
--- a/test/e2e/xsite/xsite_test.go
+++ b/test/e2e/xsite/xsite_test.go
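Review bot: In api/v1/types_util.go, `GetSiteTLSProtocol` now falls back to `TLSVersion13` whenever `Spec.Service.Sites.Local.Encryption.Protocol` is unset, so clusters that relied on the old default switch protocol on operator upgrade without any change to their CR. If the value pins a single protocol version rather than a minimum (not visible in this hunk), a site upgraded first could fail the cross-site handshake with a peer that still defaults to TLSv1.2. I would state the contract on the function, e.g. `// GetSiteTLSProtocol returns the cross-site TLS protocol, defaulting to TLSv1.3 when the CR leaves it unset; set TLSv1.2 explicitly for peers that cannot negotiate 1.3.`, and call the change out in the upgrade notes. The function's signature and existing doc comment sit above the hunk, so the current comment is not visible here.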
@@ -193,9 +193,9 @@ func TestDefaultTLSInternal(t *testing.T) {
 testCrossSiteView(t, false, false, "", ispnv1.CrossSiteExposeTypeClusterIP, 0, 1, DefaultTLS, nil)
 }
-// TestDefaultTLSInternalVersion3 tests if the TLSv1.3 connection works for internal cross-site communication
-func TestDefaultTLSInternalVersion3(t *testing.T) {
- protocol := ispnv1.TLSVersion13
+// TestDefaultTLSInternalVersion2 tests if the TLSv1.2 connection works for internal cross-site communication
+func TestDefaultTLSInternalVersion2(t *testing.T) {
+ protocol := ispnv1.TLSVersion12
 testCrossSiteView(t, false, false, "", ispnv1.CrossSiteExposeTypeClusterIP, 0, 1, DefaultTLS, &protocol)
 }
@@ -204,9 +204,9 @@ func TestSingleTLSInternal(t *testing.T) {
 testCrossSiteView(t, false, false, "", ispnv1.CrossSiteExposeTypeClusterIP, 0, 1, SingleKeyStoreTLS, nil)
 }
-// TestSingleTLSInternalVersion3 tests if the TLSv1.3 connection works for internal cross-site communication and custom keystore and truststore
-func TestSingleTLSInternalVersion3(t *testing.T) {
- protocol := ispnv1.TLSVersion13
+// TestSingleTLSInternalVersion2 tests if the TLSv1.2 connection works for internal cross-site communication and custom keystore and truststore
+func TestSingleTLSInternalVersion2(t *testing.T) {
+ protocol := ispnv1.TLSVersion12
 testCrossSiteView(t, false, false, "", ispnv1.CrossSiteExposeTypeClusterIP, 0, 1, SingleKeyStoreTLS, &protocol)
 }
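Review bot: With the Version3 tests renamed rather than kept, TLSv1.3 is exercised only implicitly through the `nil` protocol passed by `TestDefaultTLSInternal` and `TestSingleTLSInternal`, and nothing visible in these hunks checks which protocol the sites actually negotiated; this applies to both hunks (`TestDefaultTLSInternalVersion2` and `TestSingleTLSInternalVersion2`). If `testCrossSiteView` does not already assert the negotiated version (its body is outside the diff), a silently ignored `protocol` setting or a reverted default would still pass. A small unit test on `GetSiteTLSProtocol` for the unset case would pin the new default cheaply. At minimum the comments could say that the explicit value is now the non-default one, e.g. `// TestDefaultTLSInternalVersion2 tests that explicitly selecting TLSv1.2 (the non-default protocol) works for internal cross-site communication`.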