Skip to content

Default TLS protocol to TLSv1.3 and warn when not enabled #51336

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Default TLS protocol to TLSv1.3 and warn when not enabled #51336

wants to merge 1 commit into from
+20 −8

Conversation

@cescoffier
Copy link
Member

@cescoffier cescoffier commented Dec 2, 2025

BREAKING CHANGE: Changes the default TLS protocol from "TLSv1.3,TLSv1.2" to just "TLSv1.3". Applications requiring TLSv1.2 support must now explicitly configure it using the protocols property (set to TLSv1.3, TLSv1.2)

Adds a warning log when TLSv1.3 is not enabled in a TLS bucket configuration.

@cescoffier cescoffier requested a review from gsmet December 2, 2025 15:12
@quarkus-bot

This comment has been minimized.

Sign in to view
@github-actions
Copy link

github-actions bot commented Dec 2, 2025
edited
Loading

🎊 PR Preview e72daac has been successfully built and deployed to https://quarkus-pr-main-51336-preview.surge.sh/version/main/guides/

  • Images of blog posts older than 3 months are not available.
  • Newsletters older than 3 months are not available.

sberyozkin
sberyozkin approved these changes Dec 2, 2025
View reviewed changes
Copy link
Member

@sberyozkin sberyozkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks.

The only thing that probably needs an update is reverting an import collapsing to javax.net.ssl.* and java.util.*, unless it is now recommended ?

@cescoffier
Copy link
Member Author

cescoffier commented Dec 2, 2025

No, good catch, stupid ide.

@sberyozkin
Copy link
Member

sberyozkin commented Dec 2, 2025

I won't be merging in any case, as Guillaume was asked to approve

@quarkus-bot

This comment has been minimized.

Sign in to view
@cescoffier
Copy link
Member Author

cescoffier commented Dec 2, 2025

Ah ah, didn't know we weee testing that. I will update the PR tomorrow

@cescoffier
Copy link
Member Author

cescoffier commented Dec 3, 2025

I updated the PR - however, I believe I will still hit the openapi issue. Let's see.

@quarkus-bot

This comment has been minimized.

Sign in to view
@quarkus-bot

This comment has been minimized.

Sign in to view
@cescoffier
Default TLS protocol to TLSv1.3 and warn when not enabled
86aed97 
BREAKING CHANGE: Changes the default TLS protocol from "TLSv1.3,TLSv1.2" to just "TLSv1.3". Applications requiring TLSv1.2 support must now explicitly configure it using the `protocols` property (set to TLSv1.3,TLSv1.2)

Adds a warning log when TLSv1.3 is not enabled in a TLS bucket configuration.
@quarkus-bot
Copy link

quarkus-bot bot commented Dec 5, 2025

Status for workflow Quarkus Documentation CI

This is the status report for running Quarkus Documentation CI on commit 86aed97.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

Warning

There are other workflow runs running, you probably need to wait for their status before merging.

@quarkus-bot
Copy link

quarkus-bot bot commented Dec 5, 2025
edited by github-actions bot
Loading

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 86aed97.

Failing Jobs

Status Name Step Failures Logs Raw logs Build scan
✔️ Gradle Tests - JDK 17 Logs Raw logs 🔍
Gradle Tests - JDK 17 Windows Build Failures Logs Raw logs 🚧

Full information is available in the Build summary check run.
You can consult the Develocity build scans.

Failures

⚙️ Gradle Tests - JDK 17 Windows #

- Failing: integration-tests/gradle

📦 integration-tests/gradle

io.quarkus.gradle.SpringDependencyManagementTest.testQuarkusBuildShouldWorkWithSpringDependencyManagement line 18 - History - More details - Source on GitHub

java.lang.AssertionError: Gradle build failed with exit code 1
	at io.quarkus.gradle.QuarkusGradleWrapperTestBase.runGradleWrapper(QuarkusGradleWrapperTestBase.java:173)
	at io.quarkus.gradle.QuarkusGradleWrapperTestBase.runGradleWrapper(QuarkusGradleWrapperTestBase.java:87)
	at io.quarkus.gradle.QuarkusGradleWrapperTestBase.runGradleWrapper(QuarkusGradleWrapperTestBase.java:82)
	at io.quarkus.gradle.SpringDependencyManagementTest.testQuarkusBuildShouldWorkWithSpringDependencyManagement(SpringDependencyManagementTest.java:18)
	at java.base/java.lang.reflect.Method.invoke(Method.java:569)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)

io.quarkus.gradle.TestFixturesClientExceptionMapperTest.testBasicMultiModuleBuild line 12 - History - More details - Source on GitHub

java.lang.AssertionError: Gradle build failed with exit code 1
	at io.quarkus.gradle.QuarkusGradleWrapperTestBase.runGradleWrapper(QuarkusGradleWrapperTestBase.java:173)
	at io.quarkus.gradle.QuarkusGradleWrapperTestBase.runGradleWrapper(QuarkusGradleWrapperTestBase.java:87)
	at io.quarkus.gradle.QuarkusGradleWrapperTestBase.runGradleWrapper(QuarkusGradleWrapperTestBase.java:82)
	at io.quarkus.gradle.TestFixturesClientExceptionMapperTest.testBasicMultiModuleBuild(TestFixturesClientExceptionMapperTest.java:12)
	at java.base/java.lang.reflect.Method.invoke(Method.java:569)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)

Flaky tests - Develocity

⚙️ JVM Tests - JDK 21 Semeru

📦 extensions/smallrye-reactive-messaging/deployment

io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector - History

  • Expecting actual: ["-6","-8","-9","-10","-11","-12","-13","-14"] to start with: ["-6", "-7", "-8", "-9"] - java.lang.AssertionError
java.lang.AssertionError: 

Expecting actual:
  ["-6","-8","-9","-10","-11","-12","-13","-14"]
to start with:
  ["-6", "-7", "-8", "-9"]

	at io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector(ConnectorChangeTest.java:41)

⚙️ JVM Tests - JDK 25

📦 extensions/micrometer-opentelemetry/deployment

io.quarkus.micrometer.opentelemetry.deployment.compatibility.MicrometerTimedInterceptorTest.testTimeMethod_Uni - History

  • Stream has no elements - java.lang.IllegalArgumentException
java.lang.IllegalArgumentException: Stream has no elements
	at io.quarkus.micrometer.opentelemetry.deployment.common.MetricDataFilter.lambda$lastReading$1(MetricDataFilter.java:213)
	at java.base/java.util.Optional.orElseThrow(Optional.java:403)
	at io.quarkus.micrometer.opentelemetry.deployment.common.MetricDataFilter.lastReading(MetricDataFilter.java:213)
	at io.quarkus.micrometer.opentelemetry.deployment.common.MetricDataFilter.lastReadingDataPoint(MetricDataFilter.java:231)
	at io.quarkus.micrometer.opentelemetry.deployment.compatibility.MicrometerTimedInterceptorTest.testTimeMethod_Uni(MicrometerTimedInterceptorTest.java:174)
	at java.base/java.lang.reflect.Method.invoke(Method.java:565)
	at io.quarkus.test.QuarkusUnitTest.runExtensionMethod(QuarkusUnitTest.java:532)

⚙️ MicroProfile TCKs Tests

📦 tcks/microprofile-lra

org.eclipse.microprofile.lra.tck.TckRecoveryTests.testCancelWhenParticipantIsUnavailable - History

  • Expecting the metric Compensated callback was called Expected: a value equal to or greater than <1> but: <0> was less than <1> - java.lang.AssertionError
java.lang.AssertionError: 
Expecting the metric Compensated callback was called
Expected: a value equal to or greater than <1>
     but: <0> was less than <1>
	at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:20)
	at org.eclipse.microprofile.lra.tck.TckRecoveryTests.assertMetricCallbackCalled(TckRecoveryTests.java:210)
	at org.eclipse.microprofile.lra.tck.TckRecoveryTests.testCancelWhenParticipantIsUnavailable(TckRecoveryTests.java:195)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sberyozkin sberyozkin sberyozkin approved these changes

@gsmet gsmet Awaiting requested review from gsmet

Assignees

No one assigned

Labels

area/vertx release/breaking-change triage/flaky-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cescoffier @sberyozkin