Skip to content

ZOOKEEPER-5045: Fall back to TLSv1.2 default in FIPS mode#2383

Open
PDavid wants to merge 3 commits into
apache:branch-3.9from
PDavid:ZOOKEEPER-5045-branch-3.9
Open

ZOOKEEPER-5045: Fall back to TLSv1.2 default in FIPS mode#2383
PDavid wants to merge 3 commits into
apache:branch-3.9from
PDavid:ZOOKEEPER-5045-branch-3.9

Conversation

@PDavid
Copy link
Copy Markdown
Contributor

@PDavid PDavid commented May 7, 2026

Reviewers: meszibalu
Author: PDavid
Closes #2380 from PDavid/ZOOKEEPER-5045

(cherry picked from commit d4e15d3)

PDavid added 2 commits May 7, 2026 16:24
@PDavid
ZOOKEEPER-5045: Fall back to TLSv1.2 default in FIPS mode
bdef4a3 
Reviewers: meszibalu
Author: PDavid
Closes apache#2380 from PDavid/ZOOKEEPER-5045

(cherry picked from commit d4e15d3)
@PDavid
ZOOKEEPER-5045: Fix ClientX509Util
20edc1b 
DEFAULT_PROTOCOL constant does not exist anymore.
@PDavid
Copy link
Copy Markdown
Contributor Author

PDavid commented May 7, 2026

This is the backport of #2380 to branch-3.9. Cherry-picked the d4e15d3 commit but it did not applied cleanly. Had to resolve a small conflict in X509Util. Also had to fix ClientX509Util a bit.

@PDavid
Copy link
Copy Markdown
Contributor Author

PDavid commented May 8, 2026

Some tests in SSLHostnameVerificationTest failed. I'll have a look.

@PDavid PDavid marked this pull request as ready for review May 8, 2026 12:09
@PDavid
Copy link
Copy Markdown
Contributor Author

PDavid commented May 8, 2026
edited
Loading

FYI: We miss this patch on this (3.9) branch: https://issues.apache.org/jira/browse/ZOOKEEPER-4912

To be honest I'm not sure if we need that patch in 3.9 or not. Just it is related.

For fixing SSLHostnameVerificationTest I now patched ClientX509Util.getEnabledProtocols the same way:

9aae22e

@anmolnar
Copy link
Copy Markdown
Contributor

anmolnar commented May 12, 2026

Thanks @PDavid for the contribution.
What if we backport ZOOKEEPER-4912 first?
Sounds like something that we should consider, because according to the Jira ticket it fixes problems in 3.9 too.

@PDavid
Copy link
Copy Markdown
Contributor Author

PDavid commented May 13, 2026

Thanks @PDavid for the contribution. What if we backport ZOOKEEPER-4912 first? Sounds like something that we should consider, because according to the Jira ticket it fixes problems in 3.9 too.

Thanks, sure, makes sense. Here it is:
#2386

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@PDavid @anmolnar