
Commit 9521c08

committed
Other
1 parent e60f3e6 commit 9521c08


1 file changed

+22
-2
lines changed

1 file changed

+22
-2
lines changed

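--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackSettings.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackSettings.java
@@ -212,7 +212,7 @@ public Iterator<Setting<?>> settings() {
 Property.NodeScope
 );
 
-private static final List<String> JDK12_CIPHERS = List.of(
+private static final List<String> PRE_JDK24_CIPHERS = List.of(
 "TLS_AES_256_GCM_SHA384",
 "TLS_AES_128_GCM_SHA256", // TLSv1.3 cipher has PFS, AEAD, hardware support
 "TLS_CHACHA20_POLY1305_SHA256", // TLSv1.3 cipher has PFS, AEAD
@@ -238,7 +238,27 @@ public Iterator<Setting<?>> settings() {
 "TLS_RSA_WITH_AES_128_CBC_SHA"
 ); // hardware support
 
-public static final List<String> DEFAULT_CIPHERS = JDK12_CIPHERS;
+private static final List<String> JDK24_CIPHERS = List.of(
+"TLS_AES_256_GCM_SHA384",
+"TLS_AES_128_GCM_SHA256", // TLSv1.3 cipher has PFS, AEAD, hardware support
+"TLS_CHACHA20_POLY1305_SHA256", // TLSv1.3 cipher has PFS, AEAD
+"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", // PFS, AEAD, hardware support
+"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", // PFS, AEAD, hardware support
+"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", // PFS, AEAD
+"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", // PFS, hardware support
+"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", // PFS, hardware support
+"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", // PFS, hardware support
+"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" // PFS, hardware support
+); // hardware support
+
+public static final List<String> DEFAULT_CIPHERS = Runtime.version().feature() < 24 ? PRE_JDK24_CIPHERS : JDK24_CIPHERS;
 
 public static final Setting<String> PASSWORD_HASHING_ALGORITHM = defaultStoredPasswordHashAlgorithmSetting(
 "xpack.security.authc.password_hashing.algorithm",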
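Review bot: `JDK24_CIPHERS` is added as a second hand-copied list with no comment saying how it differs from `PRE_JDK24_CIPHERS` or why `DEFAULT_CIPHERS` now depends on `Runtime.version().feature()`. In the visible lines the new list ends at `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` while the old one ends at `TLS_RSA_WITH_AES_128_CBC_SHA`, so it presumably omits the static-RSA key-exchange suites; the middle of the old list is outside the hunk, so that needs confirming. A comment above the new constant, such as `// JDK 24+: same order as PRE_JDK24_CIPHERS minus the TLS_RSA_WITH_* suites (no forward secrecy)`, would keep a later cipher change from landing in one list and not the other. The same comment should say that pre-24 runtimes still default to those non-PFS suites, so operators know the effective TLS default varies with the JDK. The trailing `// hardware support` after `);` was copied with the list and no longer describes the last entry, which already carries its own comment.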
