fix: tls error in config-api start up log

[duttarnab]

closes #2665

Summary by CodeRabbit

• Security
  • Refined TLS cipher restrictions to more precisely target specific CBC-based cipher suites, improving security configuration accuracy while reducing overly broad restrictions on other cipher families.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

📝 Walkthrough

Walkthrough

A TLS cipher disallowlist pattern in the java.security configuration file is narrowed from a generic CBC pattern to a TLS-specific pattern, reducing the scope of ciphers subject to the restriction while maintaining other security constraints intact.

Changes

Cohort / File(s)	Summary
TLS Configuration flex-linux-setup/flex_linux_setup/templates/java.security	Replaced generic CBC cipher pattern (*_CBC_*) with TLS-specific pattern (TLS_*_CBC_*) in the cipher disallowlist.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A cipher pattern, once broad and wide,
Now focuses on TLS with careful pride,
CBC ciphers in their proper place,
Security gains, with a measured grace!
🔐

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: tls error in config-api start up log' accurately describes the main change—fixing a TLS error in config-api startup—which matches the code modification in java.security that adjusts TLS cipher disallowlist patterns.
Linked Issues check	✅ Passed	The PR modifies the TLS cipher disallowlist pattern in java.security to address the TLS error reported in issue #2665, directly fulfilling the stated objective to fix the TLS error in config-api startup.
Out of Scope Changes check	✅ Passed	The single-line modification to the TLS cipher disallowlist in java.security is directly scoped to addressing the TLS error in config-api startup as specified in issue #2665, with no extraneous changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch flex-linux-setup-2665

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed for 'flex_linux_setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud