(TK-143) Allow SSLv3 during unit tests

This commit enables all algorithms (by disabling none) during unit
testing so that our SSLv3 unit tests can work properly.
Nate Wolfe 2015-02-12 17:05:06 -08:00
parent bb68868a12
commit 60030a3b30
2 changed files with 47 additions and 1 deletions


@ -0,0 +1,44 @@
#
# This is the "override security properties file" which is used by default
# in the lein dev profile. End users may override java security properties in
# a similar manner in the production code.
#
# This file augments and overrides $JAVA_HOME/jre/lib/security/java.security
# when the java process is provided the option,
# -Djava.security.properties=./dev-resources/java.security
#
# NOTE: It is possible to make this file authoritative, discarding the values
# in $JAVA_HOME/jre/lib/security/java.security by setting the first character
# of the path to an '=' sign.
#
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
# algorithms during SSL/TLS security parameters negotiation, including
# protocol version negotiation, cipher suites selection, peer authentication
# and key exchange mechanisms.
#
# Disabled algorithms will not be negotiated for SSL/TLS connections, even
# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
# building and validation, including algorithms used in certificates, as
# well as revocation information such as CRLs and signed OCSP Responses.
# This is in addition to the jdk.certpath.disabledAlgorithms property above.
#
# See the specification of "jdk.certpath.disabledAlgorithms" for the
# syntax of the disabled algorithm string.
#
# Note: This property is currently used by Oracle's JSSE implementation.
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
#
# TK-143 Disable no algorithms so that unit tests are able to exercise the
# behavior of the system when the end user explicitly configures deprecated
# algorithms like SSLv3.
jdk.tls.disabledAlgorithms=
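Review bot: The closing `jdk.tls.disabledAlgorithms=` clears the whole list rather than re-enabling only SSLv3, so any JVM started with this file will negotiate everything the JDK's default list would have blocked. The TK-143 comment says "Disable no algorithms", but the header also tells end users they may override properties "in a similar manner in the production code"; add a line stating that the empty value is for dev and test runs only and must not be copied into a production override. Separately, the copied sentence "This is in addition to the jdk.certpath.disabledAlgorithms property above" refers to a property this file does not contain; drop it or reword it to point at the JDK's own java.security.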


@ -35,7 +35,9 @@
[puppetlabs/trapperkeeper ~tk-version :classifier "test"]
[puppetlabs/trapperkeeper-webserver-jetty9 "0.9.0"]
[spyscope "0.1.4"]]
:injections [(require 'spyscope.core)]}
:injections [(require 'spyscope.core)]
;; TK-143, enable SSLv3 for unit tests that exercise SSLv3
:jvm-opts ["-Djava.security.properties=./dev-resources/java.security"]}
:sources-jar {:java-source-paths ^:replace []
:jar-exclusions ^:replace []
:source-paths ^:replace ["src/clj" "src/java"]}}
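Review bot: The new `:jvm-opts` entry applies to every JVM Leiningen starts under this profile, not only to the SSLv3 tests the comment names, so the REPL and all other tests in the profile also run with the relaxed security properties; the comment should say that. The path `./dev-resources/java.security` is relative, so it resolves only when the JVM's working directory is the project root, which is worth confirming for every way the tests are launched.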