From 8af96af4043c2bca62096ca1922f66ce01b27a1b Mon Sep 17 00:00:00 2001
From: jaymode <jay@elastic.co>
Date: Fri, 28 Sep 2018 09:05:04 -0600
Subject: [PATCH] Test: Revert pinning MockWebServer to TLSv1.2

Revert "[TESTS] Pin MockWebServer to TLS1.2 (#33127)" (commit
214652d4af8188d4ba872626eeea3bcdff7096f0) and "Pin TLS1.2 in
SSLConfigurationReloaderTests" (commit
d9f5e4fd2e06c9b69f3b4744e49e747e1ff708b4), which pinned the
MockWebServer used in the SSLConfigurationReloaderTests to TLSv1.2 in
order to prevent failures with JDK 11 related to ssl session
invalidation. We no longer need this pinning as the problematic code
was fixed in #34130.
---
 .../core/ssl/SSLConfigurationReloaderTests.java    | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloaderTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloaderTests.java
index 9202207a14e0f..3e36550e46f2b 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloaderTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloaderTests.java
@@ -78,6 +78,7 @@ public void cleanup() throws Exception {
     /**
      * Tests reloading a keystore that is used in the KeyManager of SSLContext
      */
+    @AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/32124")
     public void testReloadingKeyStore() throws Exception {
         assumeFalse("Can't run in a FIPS JVM", inFipsJvm());
         final Path tempDir = createTempDir();
@@ -191,6 +192,7 @@ public void testPEMKeyConfigReloading() throws Exception {
      * Tests the reloading of SSLContext when the trust store is modified. The same store is used as a TrustStore (for the
      * reloadable SSLContext used in the HTTPClient) and as a KeyStore for the MockWebServer
      */
+    @AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/32124")
     public void testReloadingTrustStore() throws Exception {
         assumeFalse("Can't run in a FIPS JVM", inFipsJvm());
         Path tempDir = createTempDir();
@@ -477,9 +479,7 @@ private static MockWebServer getSslServer(Path keyStorePath, String keyStorePass
         try (InputStream is = Files.newInputStream(keyStorePath)) {
             keyStore.load(is, keyStorePass.toCharArray());
         }
-        // TODO Revisit TLS1.2 pinning when TLS1.3 is fully supported
-        // https://github.com/elastic/elasticsearch/issues/32276
-        final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadKeyMaterial(keyStore, keyStorePass.toCharArray())
+        final SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(keyStore, keyStorePass.toCharArray())
             .build();
         MockWebServer server = new MockWebServer(sslContext, false);
         server.enqueue(new MockResponse().setResponseCode(200).setBody("body"));
@@ -493,9 +493,7 @@ private static MockWebServer getSslServer(Path keyPath, Path certPath, String pa
         keyStore.load(null, password.toCharArray());
         keyStore.setKeyEntry("testnode_ec", PemUtils.readPrivateKey(keyPath, password::toCharArray), password.toCharArray(),
             CertParsingUtils.readCertificates(Collections.singletonList(certPath)));
-        // TODO Revisit TLS1.2 pinning when TLS1.3 is fully supported
-        // https://github.com/elastic/elasticsearch/issues/32276
-        final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadKeyMaterial(keyStore, password.toCharArray())
+        final SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(keyStore, password.toCharArray())
             .build();
         MockWebServer server = new MockWebServer(sslContext, false);
         server.enqueue(new MockResponse().setResponseCode(200).setBody("body"));
@@ -510,7 +508,7 @@ private static CloseableHttpClient getSSLClient(Path trustStorePath, String trus
         try (InputStream is = Files.newInputStream(trustStorePath)) {
             trustStore.load(is, trustStorePass.toCharArray());
         }
-        final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadTrustMaterial(trustStore, null).build();
+        final SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(trustStore, null).build();
         return HttpClients.custom().setSSLContext(sslContext).build();
     }
 
@@ -527,7 +525,7 @@ private static CloseableHttpClient getSSLClient(List<Path> trustedCertificatePat
         for (Certificate cert : CertParsingUtils.readCertificates(trustedCertificatePaths)) {
             trustStore.setCertificateEntry(cert.toString(), cert);
         }
-        final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadTrustMaterial(trustStore, null).build();
+        final SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(trustStore, null).build();
         return HttpClients.custom().setSSLContext(sslContext).build();
     }