Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update security protocol to TLS #24474

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update security protocol to TLS #24474

wants to merge 1 commit into from
+2 −2

Conversation

ShahimSharafudeen
Copy link

@ShahimSharafudeen ShahimSharafudeen commented Feb 3, 2025
edited
Loading

Description

  1. CWE: Weak SSL/TLS protocols should not be used

SSLContext result = SSLContext.getInstance("TLS"); // Automatically selects the best supported version

Reference PR : #24436

Motivation and Context

Enhanced Security Protocol to TLS"SSL" uses older and insecure protocols such as SSLv2 and SSLv3, which are vulnerable to attacks like POODLE.
"TLSv1.2" make use of the more modern and secure TLS 1.2 protocol, which mitigates known vulnerabilities in earlier versions of SSL/TLS.

Impact

Backward Compatibility:
If the client does not support TLS 1.2 (e.g., very old systems or devices), the connection may fail.

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Elastic search Changes
* Improve cryptographic protocol in response to `java:S4423 <https://sonarqube.ow2.org/coding_rules?open=java%3AS4423&rule_key=java%3AS4423>`_. :pr:`24474`

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Feb 3, 2025
@ShahimSharafudeen ShahimSharafudeen changed the title Update security protocol to TLS and change cipher mode padding Update security protocol to TLS Feb 4, 2025
@ShahimSharafudeen ShahimSharafudeen marked this pull request as ready for review February 4, 2025 06:45
@ShahimSharafudeen ShahimSharafudeen requested a review from a team as a code owner February 4, 2025 06:45
@steveburnett
Copy link
Contributor

New release note guidelines. Please remove the manual PR link in the following format from the release note entries for this PR.

:pr:`12345`

I have updated the Release Notes Guidelines to remove the examples of manually adding the PR link.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@presto-oss presto-oss Awaiting requested review from presto-oss presto-oss is a code owner automatically assigned from prestodb/committers

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
from:IBM PR from IBM
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ShahimSharafudeen @steveburnett @prestodb-ci