ATLAS-5047: ATLAS- Support TLS 1.3 (#364)

chaitalicod · chaitalithombare · web-flow · commit 7502cec2e385 · 2025-06-23T12:33:33.000+05:30
Co-authored-by: chaitalithombare &lt;chaitalithombare@apache.org&gt;
diff --git a/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java b/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java
@@ -40,9 +40,12 @@ public final class SecurityProperties {
     public static final String       SSL_CLIENT_PROPERTIES                    = "ssl-client.xml";
     public static final String       BIND_ADDRESS                             = "atlas.server.bind.address";
     public static final String       ATLAS_SSL_EXCLUDE_CIPHER_SUITES          = "atlas.ssl.exclude.cipher.suites";
+    public static final String       ATLAS_SSL_ENABLED_ALGORITHMS             = "atlas.ssl.enabled.algorithms";
     public static final List<String> DEFAULT_CIPHER_SUITES                    = Arrays.asList(".*NULL.*", ".*RC4.*", ".*MD5.*", ".*DES.*", ".*DSS.*");
     public static final String       ATLAS_SSL_EXCLUDE_PROTOCOLS              = "atlas.ssl.exclude.protocols";
+    public static final String       ATLAS_SSL_ENABLED_PROTOCOLS              = "atlas.ssl.enabled.protocols";
     public static final String[]     DEFAULT_EXCLUDE_PROTOCOLS                = new String[] {"TLSv1", "TLSv1.1"};
+    public static final String[]     ATLAS_SSL_DEFAULT_PROTOCOL               = new String[] { "TLSv1.2" };
 
     private SecurityProperties() {
     }
diff --git a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -55,6 +55,9 @@
 
 import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_CIPHER_SUITES;
 import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_PROTOCOLS;
+import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_ENABLED_ALGORITHMS;
+import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_ENABLED_PROTOCOLS;
+import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_DEFAULT_PROTOCOL;
 import static org.apache.atlas.security.SecurityProperties.CLIENT_AUTH_KEY;
 import static org.apache.atlas.security.SecurityProperties.DEFATULT_TRUSTORE_FILE_LOCATION;
 import static org.apache.atlas.security.SecurityProperties.DEFAULT_CIPHER_SUITES;
@@ -117,6 +120,17 @@ protected Connector getConnector(String host, int port) throws IOException {
             sslContextFactory.addExcludeProtocols(excludedProtocols);
         }
 
+        List<Object> enabledCiphersList = config.getList(ATLAS_SSL_ENABLED_ALGORITHMS);
+        if (enabledCiphersList != null && !enabledCiphersList.isEmpty()) {
+            sslContextFactory.setIncludeCipherSuites(enabledCiphersList.toArray(new String[enabledCiphersList.size()]));
+        }
+        String[] enabledProtocols = config.containsKey(ATLAS_SSL_ENABLED_PROTOCOLS) ?
+                config.getStringArray(ATLAS_SSL_ENABLED_PROTOCOLS) : ATLAS_SSL_DEFAULT_PROTOCOL;
+
+        if (enabledProtocols != null && enabledProtocols.length > 0) {
+            sslContextFactory.setIncludeProtocols(enabledProtocols);
+        }
+
         // SSL HTTP Configuration
         // HTTP Configuration
         HttpConfiguration httpConfig = new HttpConfiguration();
