Develop Reference

Getting "TLSv1.3 is not supported" error while connecting to elastic search using Java Transport Client

I am trying to connect to elastic search (7.8) securely through Java transport client. I have used x-pack to secure elastic search connectivity. I am not able to create an object of Client due to below error.
2020-08-13 17:43:24 [main] DEBUG XPackSettings:199 - TLSv1.3 is not supported
java.security.NoSuchAlgorithmException: TLSv1.3 SSLContext not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) ~[?:1.8.0_251]
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156) ~[?:1.8.0_251]
at org.elasticsearch.xpack.core.XPackSettings.<clinit>(XPackSettings.java:196) [x-pack-core-7.8.1.jar:7.8.1]
I am using Java 1.8 and supporting jars along with version listed below.
elasticsearch-7.8.0.jar r
elasticsearch-cli-7.8.0.jar
elasticsearch-core-7.8.0.jar
elasticsearch-geo-7.8.0.jar
elasticsearch-nio-7.8.1.jar
elasticsearch-rest-client-7.8.1.jar
elasticsearch-secure-sm-7.8.0.jar
elasticsearch-ssl-config-7.8.1.jar
elasticsearch-x-content-7.8.0.jar
x-pack-core-7.8.1.jar
x-pack-transport-7.8.1-1.0.jar
Connection code that I am using to connect to elastic search through transport port 9300 are below.
Client client = new PreBuiltXPackTransportClient(Settings.builder().put("cluster.name",esClusterName)
.put("node.name", esNodeName)
.put("xpack.security.transport.ssl.enabled", true)
.put("request.headers.X-Found-Cluster",esClusterName)
.put("xpack.security.user", elasticSerachCred)
.put("xpack.security.transport.ssl.key", elasticSearchSSLKeyLocation)
.put("xpack.security.transport.ssl.certificate", elasticSearchSSLCertificateLocation)
.put("client.transport.sniff", false)
.build()).addTransportAddress(new TransportAddress(InetAddress.getByName(transportServerName), transportPort));
elastic search key and certificate I am using same which I have added in elasticsearch.yml file to enable security.
Note:- When I am running this connection code without through tomcat server, connection is working perfectly fine but with tomcat server it is giving this error.
So, I am confuse either I need to do some changes in tomcat side or Is there any elastic search supporting jars version mismatch causing this.
Can anyone guide me here?
Thanks

How do I configure a TLS client configuration from Spring Boot to MongoDB instance?

I'm trying to configure a Spring Boot web application to use TLS when making connections to a MongoDB instance, running in a Docker container.
I've configured the MongoDB instance in Docker to use a self-signed certificate, and require TLS. The configuration file for MongoDB (mongod.conf) looks like this:
net:
bindIp: 0.0.0.0
port: 27017
tls:
certificateKeyFile: /home/mongodb/ssl/my-self-signed-cert.pem
mode: requireTLS
allowConnectionsWithoutCertificates: true
...
I can connect to the instance with TLS using the Mongo connection string from the command line, getting the Mongo shell. However, I can't get my web application to connect to that same MongoDB instance over TLS.
To try testing the connection, I've tried creating a unit test that will access the DB. The Spring Boot magic causes the test to fail during setup. It seems like this is because autowiring in some of the dependencies (MongoTemplate, I think) seems to test the connection, which requires TLS and then fails.
To set up the TLS connection, I added the server's certificate to the Java truststore, using keytool. However, the connection still fails. I've tried specifying the location of a .jks file created with keytool, as well, in the application.yml file, like so:
...
javax:
net:
ssl:
trustStore: src/main/resources/truststore/trustedcerts.jks
...
Ultimately, my question is: How can I configure TLS-secured connections to MongoDB from my Spring Boot app? Currently, we implement data access using MongoRepository and MongoTemplate.

You have to set the system properties in your java application
System.setProperty ("javax.net.ssl.keyStore",keystorePath);
System.setProperty ("javax.net.ssl.keyStorePassword",keystorePass);
System.setProperty ("javax.net.ssl.trustStore",truststorePath);
System.setProperty ("javax.net.ssl.trustStorePassword","changeit");

Use TLS 1.2 in mssql jdbc

Starting which version of mssql-jdbc- jre8 is TLS 1.2 supported? Is a special configuration needed to use TLS 1.2? or it works out of the box)MSSQL server is set up to accept only TLS 1.2 connections)?

Starting which version of mssql-jdbc- jre8 is TLS 1.2 supported?
Java 8 supports TLS1.0 through TLS1.2, and TLS1.2 is the default; see Transport Level Security (TLS) and Java. The MSSQL JDBC drivers will use the JVM's SSL libraries.
Is a special configuration needed to use TLS 1.2?
No. Not on the client side.
or it works out of the box.
Yes.
MSSQL server is set up to accept only TLS 1.2 connections?
That would depend on how the database server itself is configured. According to "TLS 1.2 support for Microsoft SQL Server", SQL Server 2016 supports TLS 1.0 through 1.2, but you can configure it to disable versions that you don't want.

Securing Neo4J with TLS through bolt protocol

Neo4J server configuration allows to set up a server-side policy to secure both HTTPS and BOLT connections.
In my installation I secured the BOLT connection by setting up a policy with PEM public and private key and settings:
dbms.connector.bolt.enabled=true
dbms.connector.bolt.tls_level=REQUIRED
bolt.ssl_policy=my_policy
dbms.ssl.policy.my_policy..base_directory=...
...
The set up works with a browser client. When I connect to the server through HTTPS, I am able to log in using ":server connect" command and use Neo4J browser with my server.
What I cannot do is figure out how other client can connect to Neo4J with secure BOLT protocol. Specifically, I tried connecting from cypher-shell and from a Java client (using Java Driver v 1.6). When TLS for BOLT is disabled, both connect without a hitch. Enabling TLS causes bad_certificate error in both clients.
I tried starting both cypher-shell and my Java client by passing JVM properties pointing to my trust store and key store
(-Djavax.net.ssl.keyStore=...
-Djavax.net.ssl.keyStorePassword=...
-Djavax.net.ssl.trustStore=...
-Djavax.net.ssl.trustStorePassword=...)
These properties have no effect on either Neo4J client. I am getting a bad_certificate exception.
I tried enabling SSL debugging (-Djavax.net.debug=ssl,handshake). Calling the Java client or cypher-shell with keystore and truststore parameters has no effect on the SSL debug output.
How do I connect to the server with TLS for BOLT enabled from cypher-shell or a Java client?
Thank you.

How to make Glassfish 4.0 WebService use TLSv1.1 or TLSv1.2

Good Day, Everyone,
I have a JAX-WS (Metro) Web Service running on Glassfish 4.0 that receives inbound https messages. All has been running great (over TLSv1.0), but now the vendor sending us messages wants to require that they only be sent over TLSv1.1 or TLSv1.2. GF4.0 uses JDK7 by default which supports TLSv1.2 but it is disabled by default. How do you turn this on so that the Web Service can still receive messages?? I can do this in a POJO client (outbound), but am having issues configuring the server to do the same (inbound).
I have tried going into the GF Admin Console\Configurations\server-config\JVM Settings and adding JVM Option -Dhttps.protocols=TLSv1.2 but this seems to have no affect...
Thanks in advance! :)

TLS 1.2 should be enabled by default. You can disable TLS and TLS1.1 using the following asadmin commands
asadmin set configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.tls-enabled=false
asadmin set configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.tls11-enabled=false
If you have other HTTPS listeners configured other than the default then replace http-listener-2 with the name of your http-listener and server-config with the name of your configuration e.g. default-config.