From cb3567799d155ebfd14e7c564f75e36f1f9b6bce Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Mon, 18 Sep 2023 16:18:19 -0500 Subject: [PATCH 01/16] support for tls1.3 Signed-off-by: Jordan Filteau --- c/zss.c | 24 +++++++++++++++++++++++- deps/zowe-common-c | 2 +- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/c/zss.c b/c/zss.c index ee4ea205e..34ba05987 100644 --- a/c/zss.c +++ b/c/zss.c @@ -108,7 +108,14 @@ static int traceLevel = 0; #define JSON_ERROR_BUFFER_SIZE 1024 +#define DEFAULT_TLS_KEY_SHARES \ + TLS_SECP256R1 \ + TLS_SECP521R1 \ + TLS_X25519 + #define DEFAULT_TLS_CIPHERS \ + TLS_AES_256_GCM_SHA384 \ + TLS_CHACHA20_POLY1305_SHA256 \ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \ @@ -1149,7 +1156,22 @@ static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh, } JsonObject *httpsConfigObject = jsonAsObject(httpsConfig); TlsSettings *settings = (TlsSettings*)SLHAlloc(slh, sizeof(*settings)); - settings->ciphers = DEFAULT_TLS_CIPHERS; + char *ciphers = jsonObjectGetString(httpsConfigObject, "ciphers"); + /* + * Takes a string of ciphers. This isn't ideal, but any other methods are + * going to be fairly complicated. + * + * ciphers: 13021303003500380039002F00320033 + */ + settings->ciphers = ciphers ? ciphers : DEFAULT_TLS_CIPHERS; + /* + * Takes a string of keyshares. This isn't ideal, but any other methods are + * going to be fairly complicated. + * + * keyshares: 002300250029 + */ + char *keyshares = jsonObjectGetString(httpsConfigObject, "keyshares"); + settings->keyshares = keyshares ? keyshares : DEFAULT_TLS_KEY_SHARES; settings->keyring = jsonObjectGetString(httpsConfigObject, "keyring"); settings->label = jsonObjectGetString(httpsConfigObject, "label"); /* settings->stash = jsonObjectGetString(httpsConfigObject, "stash"); - this is obsolete */ diff --git a/deps/zowe-common-c b/deps/zowe-common-c index 45b28654b..2def32ddb 160000 --- a/deps/zowe-common-c 
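Review bot: The example in the new comment in readAgentHttpsSettingsV2 (`ciphers: 13021303003500380039002F00320033`) includes codes such as 0035 and 002F, which are static-RSA AES-CBC-SHA suites in the IANA registry and do not appear in DEFAULT_TLS_CIPHERS. An operator who copies the example gets a weaker list than the built-in default. The configured string is also assigned to `settings->ciphers` as-is, and nothing in this hunk checks that it is a run of 4-hex-digit codes; any check inside zowe-common-c is not visible here. I would mark the example as format-only and build it from default suites, e.g. `* Format: concatenated 4-hex-digit cipher codes, highest priority first, e.g. ciphers: 13021303`, with the same wording for keyshares. The function body starts and ends outside the hunk.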
+++ b/deps/zowe-common-c @@ -1 +1 @@ -Subproject commit 45b28654b8929bcaff1940d3b851a28dca9be696 +Subproject commit 2def32ddb304f928caf7c88537edd5369d5f6dbd From 06fe9ba841c8e1f8868e836cf5dffabd7afc4799 Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Mon, 18 Sep 2023 16:23:43 -0500 Subject: [PATCH 02/16] updating zss schema to have keyshares and ciphers Signed-off-by: Jordan Filteau --- schemas/zss-config.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/schemas/zss-config.json b/schemas/zss-config.json index 0ab9b7bbe..592609692 100644 --- a/schemas/zss-config.json +++ b/schemas/zss-config.json @@ -117,6 +117,14 @@ "password": { "type": [ "string", "null" ], "description": "The password to the keyring" + }, + "ciphers": { + "type": [ "string", "null" ], + "description": "The list of ciphers in order of priority" + }, + "keyshares": { + "type": [ "string", "null" ], + "description": "The list of key shares in order of priority" } } }, From 1f18c2480425d05b147f33f0cf25a79e47337cd9 Mon Sep 17 00:00:00 2001 From: struga0258 Date: Wed, 20 Sep 2023 18:50:30 +0000 Subject: [PATCH 03/16] v2.12.0 Signed-off-by: struga0258 --- build/zis.proj.env | 4 ++-- build/zss.proj.env | 2 +- manifest.template.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/zis.proj.env b/build/zis.proj.env index a4723f9ca..66a847fbe 100644 --- a/build/zis.proj.env +++ b/build/zis.proj.env @@ -1,4 +1,4 @@ PROJECT="zis" -VERSION=2.11.0 -DYNLINK_PLUGIN_VERSION=4 +VERSION=2.12.0 +DYNLINK_PLUGIN_VERSION=5 DEPS="" diff --git a/build/zss.proj.env b/build/zss.proj.env index 092e77156..d05de0fc3 100644 --- a/build/zss.proj.env +++ b/build/zss.proj.env @@ -1,5 +1,5 @@ PROJECT="zss" -VERSION=2.11.0 +VERSION=2.12.0 DEPS="QUICKJS LIBYAML" QUICKJS="quickjs" diff --git a/manifest.template.yaml b/manifest.template.yaml index 985e3d5c1..3ad2a24e0 100644 --- a/manifest.template.yaml +++ b/manifest.template.yaml 
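Review bot: The new `ciphers` and `keyshares` properties in schemas/zss-config.json (PATCH 02/16) accept any string, so a malformed list passes schema validation and only surfaces, if at all, when the TLS layer is initialised. Going by the examples in the c/zss.c comment from PATCH 01/16, both values look like concatenated 4-hex-digit codes. If that holds, adding `"pattern": "^([0-9A-Fa-f]{4})+$"` to each property would reject typos at config-validation time. The descriptions should also state the format, for example `"Concatenated 4-hex-digit cipher codes in order of priority"`.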
@@ -3,7 +3,7 @@ name: zss # Component identifier. This identifier matches artifact path in Zowe Artifactory https://zowe.jfrog.io/. id: org.zowe.zss # Without the v -version: 2.11.0 +version: 2.12.0 # Component version is defined in gradle.properties for Gradle project # Human readable component name title: Zowe System Services (ZSS) From e1084b7fe47dc04a65730a8ab145400706a31d2b Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Tue, 10 Oct 2023 09:18:08 -0500 Subject: [PATCH 04/16] adding additional cipher for tls1.3 Signed-off-by: Jordan Filteau --- c/zss.c | 1 + 1 file changed, 1 insertion(+) diff --git a/c/zss.c b/c/zss.c index 34ba05987..8a79841e0 100644 --- a/c/zss.c +++ b/c/zss.c @@ -115,6 +115,7 @@ static int traceLevel = 0; #define DEFAULT_TLS_CIPHERS \ TLS_AES_256_GCM_SHA384 \ + TLS_AES_128_GCM_SHA256 \ TLS_CHACHA20_POLY1305_SHA256 \ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \ From 5adbb0d038dcff72462d3fd7f746f06a8814610c Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Tue, 10 Oct 2023 09:20:04 -0500 Subject: [PATCH 05/16] updating submodule for zowe-common-c Signed-off-by: Jordan Filteau --- deps/zowe-common-c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/zowe-common-c b/deps/zowe-common-c index 2def32ddb..d2d254ae6 160000 --- a/deps/zowe-common-c +++ b/deps/zowe-common-c @@ -1 +1 @@ -Subproject commit 2def32ddb304f928caf7c88537edd5369d5f6dbd +Subproject commit d2d254ae6d2e82b202d70fd03a0a1852e0321046 From 021e750f3b041c34566736c28dae625a55189f92 Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Tue, 10 Oct 2023 10:03:07 -0500 Subject: [PATCH 06/16] updating submodule for zowe-common-c Signed-off-by: Jordan Filteau --- deps/zowe-common-c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/zowe-common-c b/deps/zowe-common-c index d2d254ae6..aaaa4c43f 160000 --- a/deps/zowe-common-c +++ b/deps/zowe-common-c 
@@ -1 +1 @@ -Subproject commit d2d254ae6d2e82b202d70fd03a0a1852e0321046 +Subproject commit aaaa4c43fae2dda6082c7098210200f7a96f754e From 105f4af224213b2d8ca415ec0ee0270bf61efe77 Mon Sep 17 00:00:00 2001 From: Irek Fakhrutdinov Date: Wed, 11 Oct 2023 12:21:37 -0400 Subject: [PATCH 07/16] Update deps to include wtoPrintf3 fix Signed-off-by: Irek Fakhrutdinov --- deps/zowe-common-c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/zowe-common-c b/deps/zowe-common-c index aaaa4c43f..d58dd0a5e 160000 --- a/deps/zowe-common-c +++ b/deps/zowe-common-c @@ -1 +1 @@ -Subproject commit aaaa4c43fae2dda6082c7098210200f7a96f754e +Subproject commit d58dd0a5ee84cbe8586fd3cfc197035d6f0d0670 From c723bca66535ddfabba9ae32573d4e2f0117f353 Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Thu, 12 Oct 2023 13:21:30 -0500 Subject: [PATCH 08/16] allowing disable of TLSv1.3 Signed-off-by: Jordan Filteau --- c/zss.c | 2 ++ deps/zowe-common-c | 2 +- schemas/zss-config.json | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/c/zss.c b/c/zss.c index 8a79841e0..1f4c7d89d 100644 --- a/c/zss.c +++ b/c/zss.c @@ -1173,6 +1173,8 @@ static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh, */ char *keyshares = jsonObjectGetString(httpsConfigObject, "keyshares"); settings->keyshares = keyshares ? keyshares : DEFAULT_TLS_KEY_SHARES; + char *maxTls = jsonObjectGetString(httpsConfigObject, "maxTls"); + settings->maxTls = maxTls; settings->keyring = jsonObjectGetString(httpsConfigObject, "keyring"); settings->label = jsonObjectGetString(httpsConfigObject, "label"); /* settings->stash = jsonObjectGetString(httpsConfigObject, "stash"); - this is obsolete */ diff --git a/deps/zowe-common-c b/deps/zowe-common-c index aaaa4c43f..101b4782e 160000 --- a/deps/zowe-common-c +++ b/deps/zowe-common-c @@ -1 +1 @@ -Subproject commit aaaa4c43fae2dda6082c7098210200f7a96f754e +Subproject commit 101b4782e71d7d0d7964e4d333c7b765510ff838 
diff --git a/schemas/zss-config.json b/schemas/zss-config.json index 592609692..9d5e532a8 100644 --- a/schemas/zss-config.json +++ b/schemas/zss-config.json @@ -125,6 +125,10 @@ "keyshares": { "type": [ "string", "null" ], "description": "The list of key shares in order of priority" + }, + "maxTls": { + "type": [ "string", "null" ], + "description": "Maximum tls version allowed." } } }, From cd5274e81368461aff514c904b4c28825e6c0e8a Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Thu, 12 Oct 2023 13:30:30 -0500 Subject: [PATCH 09/16] code simplify; changing to enum for maxTls Signed-off-by: Jordan Filteau --- c/zss.c | 3 +-- deps/zowe-common-c | 2 +- schemas/zss-config.json | 2 ++ 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/c/zss.c b/c/zss.c index 1f4c7d89d..c1bab1c14 100644 --- a/c/zss.c +++ b/c/zss.c @@ -1173,8 +1173,7 @@ static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh, */ char *keyshares = jsonObjectGetString(httpsConfigObject, "keyshares"); settings->keyshares = keyshares ? keyshares : DEFAULT_TLS_KEY_SHARES; - char *maxTls = jsonObjectGetString(httpsConfigObject, "maxTls"); - settings->maxTls = maxTls; + settings->maxTls = jsonObjectGetString(httpsConfigObject, "maxTls"); settings->keyring = jsonObjectGetString(httpsConfigObject, "keyring"); settings->label = jsonObjectGetString(httpsConfigObject, "label"); /* settings->stash = jsonObjectGetString(httpsConfigObject, "stash"); - this is obsolete */ diff --git a/deps/zowe-common-c b/deps/zowe-common-c index 101b4782e..503026245 160000 --- a/deps/zowe-common-c +++ b/deps/zowe-common-c @@ -1 +1 @@ -Subproject commit 101b4782e71d7d0d7964e4d333c7b765510ff838 +Subproject commit 503026245e4b1619a9acb0b826d35a324438b9e4 diff --git a/schemas/zss-config.json b/schemas/zss-config.json index 9d5e532a8..9903bfb1f 100644 --- a/schemas/zss-config.json +++ b/schemas/zss-config.json 
@@ -128,6 +128,8 @@ }, "maxTls": { "type": [ "string", "null" ], + "enum": ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"], + "default": "TLSv1.3", "description": "Maximum tls version allowed." } } From 482b7dfabb83bdd602bef2495a7292b9b6aa89b0 Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Thu, 12 Oct 2023 13:32:15 -0500 Subject: [PATCH 10/16] fixing whitespace Signed-off-by: Jordan Filteau --- schemas/zss-config.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/schemas/zss-config.json b/schemas/zss-config.json index 9903bfb1f..8674bb008 100644 --- a/schemas/zss-config.json +++ b/schemas/zss-config.json @@ -128,8 +128,8 @@ }, "maxTls": { "type": [ "string", "null" ], - "enum": ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"], - "default": "TLSv1.3", + "enum": ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"], + "default": "TLSv1.3", "description": "Maximum tls version allowed." } } From 6cfcc1cfead26121c6477e47b6183d1775ab667c Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 13 Oct 2023 10:30:08 -0400 Subject: [PATCH 11/16] Add ability to do tls tracing via config Signed-off-by: 1000TurquoisePogs --- bin/start.sh | 7 ++++++- schemas/zss-config.json | 5 +++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/bin/start.sh b/bin/start.sh index 893118091..532bc57fe 100755 --- a/bin/start.sh +++ b/bin/start.sh @@ -173,7 +173,12 @@ if [[ "${OSNAME}" == "OS/390" ]]; then else ZSS_SERVER="${ZSS_SERVER_31}" fi - + + if [ "$ZWE_components_zss_https_trace" = "true" ] && [ "$ZWES_LOG_FILE" != "/dev/null" ]; then + export GSK_TRACE_FILE="${ZWES_LOG_FILE}.tlstrace" + export GSK_TRACE=0xFF + fi + if [ "$ZWES_LOG_FILE" = "/dev/null" ]; then _BPX_SHAREAS=NO _BPX_JOBNAME=${ZWE_zowe_job_prefix}SZ ${ZSS_SERVER} --schemas "${ZWES_SCHEMA_PATHS}" --configs "${ZWES_CONFIG}" 2>&1 else diff --git a/schemas/zss-config.json b/schemas/zss-config.json index 8674bb008..aa2091e00 100644 --- a/schemas/zss-config.json +++ b/schemas/zss-config.json 
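Review bot: In the schemas/zss-config.json hunk of PATCH 09/16, `maxTls` keeps `"type": [ "string", "null" ]` but the new `enum` has no `null` member. Because `enum` applies to every instance type, `maxTls: null` now fails validation. Either add it, `"enum": ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3", null]`, or drop `"null"` from `type`. The enum also lets an operator cap the server at TLSv1.0 or TLSv1.1; if those stay for compatibility, the description should say they are legacy protocol versions. PATCH 10/16 re-indents the same two lines and carries the same enum.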
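Review bot: In the bin/start.sh hunk of PATCH 11/16, `GSK_TRACE=0xFF` switches on every trace category and writes to `${ZWES_LOG_FILE}.tlstrace`, with no startup message that tracing is active and nothing limiting who can read the file. A full System SSL trace may include handshake and data dumps (worth confirming against the System SSL documentation), so the file should be treated as sensitive. I would announce it, e.g. `echo "TLS tracing enabled, writing ${GSK_TRACE_FILE}"`, and create the file under a restrictive umask. The test also passes when ZWES_LOG_FILE is empty, which would put `.tlstrace` in the working directory; adding `[ -n "$ZWES_LOG_FILE" ]` covers that, unless the variable is always set earlier in the script, outside the hunk.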
@@ -106,6 +106,11 @@ "$ref": "#/$defs/ipsAndHostnames", "default": [ "0.0.0.0" ] }, + "trace": { + "type": "boolean", + "description": "Enables TLS tracing to diagnose connection issues. Output will be within the zowe log directory.", + "default": false + }, "label": { "type": [ "string", "null" ], "description": "The label (aka alias), identifying the server's certificate in the key store" From 3e39427ed1c5e5bd04d10344b7740fb30a317f89 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Fri, 13 Oct 2023 10:37:00 -0400 Subject: [PATCH 12/16] fix ref to include agent Signed-off-by: 1000TurquoisePogs --- bin/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/start.sh b/bin/start.sh index 532bc57fe..0a1df3986 100755 --- a/bin/start.sh +++ b/bin/start.sh @@ -174,7 +174,7 @@ if [[ "${OSNAME}" == "OS/390" ]]; then ZSS_SERVER="${ZSS_SERVER_31}" fi - if [ "$ZWE_components_zss_https_trace" = "true" ] && [ "$ZWES_LOG_FILE" != "/dev/null" ]; then + if [ "$ZWE_components_zss_agent_https_trace" = "true" ] && [ "$ZWES_LOG_FILE" != "/dev/null" ]; then export GSK_TRACE_FILE="${ZWES_LOG_FILE}.tlstrace" export GSK_TRACE=0xFF fi From 53f8442e15f3e943a7f13b85b6a5f6465928e450 Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Fri, 13 Oct 2023 14:59:31 -0500 Subject: [PATCH 13/16] splitting 1.2 and 1.3 default ciphers and configuration Signed-off-by: Jordan Filteau --- c/zss.c | 12 ++++++++---- deps/zowe-common-c | 2 +- schemas/zss-config.json | 8 ++++++-- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/c/zss.c b/c/zss.c index c1bab1c14..837112de5 100644 --- a/c/zss.c +++ b/c/zss.c 
@@ -113,10 +113,12 @@ static int traceLevel = 0; TLS_SECP521R1 \ TLS_X25519 -#define DEFAULT_TLS_CIPHERS \ +#define DEFAULT_TLS_CIPHERS_V13 \ TLS_AES_256_GCM_SHA384 \ TLS_AES_128_GCM_SHA256 \ - TLS_CHACHA20_POLY1305_SHA256 \ + TLS_CHACHA20_POLY1305_SHA256 + +#define DEFAULT_TLS_CIPHERS_V12 \ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \ @@ -1157,14 +1159,16 @@ static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh, } JsonObject *httpsConfigObject = jsonAsObject(httpsConfig); TlsSettings *settings = (TlsSettings*)SLHAlloc(slh, sizeof(*settings)); - char *ciphers = jsonObjectGetString(httpsConfigObject, "ciphers"); + char *ciphers1_3 = jsonObjectGetString(httpsConfigObject, "ciphersTLSv13"); + char *ciphers1_2 = jsonObjectGetString(httpsConfigObject, "ciphersTLSv12"); /* * Takes a string of ciphers. This isn't ideal, but any other methods are * going to be fairly complicated. * * ciphers: 13021303003500380039002F00320033 */ - settings->ciphers = ciphers ? ciphers : DEFAULT_TLS_CIPHERS; + settings->ciphers1_2 = ciphers1_2 ? ciphers1_2 : DEFAULT_TLS_CIPHERS_V12; + settings->ciphers1_3 = ciphers1_3 ? ciphers1_3 : DEFAULT_TLS_CIPHERS_V13; /* * Takes a string of keyshares. This isn't ideal, but any other methods are * going to be fairly complicated. diff --git a/deps/zowe-common-c b/deps/zowe-common-c index 503026245..415f6f29b 160000 --- a/deps/zowe-common-c +++ b/deps/zowe-common-c @@ -1 +1 @@ -Subproject commit 503026245e4b1619a9acb0b826d35a324438b9e4 +Subproject commit 415f6f29b929646c3a485057696df8061ec8b076 diff --git a/schemas/zss-config.json b/schemas/zss-config.json index 8674bb008..802a5160b 100644 --- a/schemas/zss-config.json +++ b/schemas/zss-config.json 
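Review bot: In PATCH 13/16, readAgentHttpsSettingsV2 reads the keys `"ciphersTLSv13"` and `"ciphersTLSv12"`, while the schema hunk of the same commit declares `ciphers1_3` and `ciphers1_2`. A value configured under the schema's names is therefore never read, and the defaults are used silently. The names should match, e.g. `jsonObjectGetString(httpsConfigObject, "ciphers1_3")` and `jsonObjectGetString(httpsConfigObject, "ciphers1_2")`. The comment above the assignments still shows a single `ciphers:` example and should be updated for the two keys. PATCH 16/16 later returns to one `ciphers` key; the function continues outside the hunk.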
@@ -118,9 +118,13 @@ "type": [ "string", "null" ], "description": "The password to the keyring" }, - "ciphers": { + "ciphers1_2": { "type": [ "string", "null" ], - "description": "The list of ciphers in order of priority" + "description": "The list of ciphers for TLSv1.2 in order of priority" + }, + "ciphers1_3": { + "type": [ "string", "null" ], + "description": "The list of ciphers for TLSv1.3 in order of priority" }, "keyshares": { "type": [ "string", "null" ], From 2c2e6ef4bbaf96db0ee31198e2e82a1d81eb9410 Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Fri, 13 Oct 2023 15:04:59 -0500 Subject: [PATCH 14/16] updating submodule for zowe-common-c Signed-off-by: Jordan Filteau --- deps/zowe-common-c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/zowe-common-c b/deps/zowe-common-c index 415f6f29b..e71d1ce58 160000 --- a/deps/zowe-common-c +++ b/deps/zowe-common-c @@ -1 +1 @@ -Subproject commit 415f6f29b929646c3a485057696df8061ec8b076 +Subproject commit e71d1ce58520b70d627672170a48caa974736e3b From dd3f02f06f38332516c0017eef99bef67b500b40 Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Fri, 13 Oct 2023 15:48:34 -0500 Subject: [PATCH 15/16] concatenating v1.2 ciphers to v1.3 ciphers Signed-off-by: Jordan Filteau --- c/zss.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/c/zss.c b/c/zss.c index 837112de5..00c92d08a 100644 --- a/c/zss.c +++ b/c/zss.c @@ -113,11 +113,6 @@ static int traceLevel = 0; TLS_SECP521R1 \ TLS_X25519 -#define DEFAULT_TLS_CIPHERS_V13 \ - TLS_AES_256_GCM_SHA384 \ - TLS_AES_128_GCM_SHA256 \ - TLS_CHACHA20_POLY1305_SHA256 - #define DEFAULT_TLS_CIPHERS_V12 \ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \ 
@@ -126,6 +121,12 @@ static int traceLevel = 0; TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +#define DEFAULT_TLS_CIPHERS_V13 \ + TLS_AES_256_GCM_SHA384 \ + TLS_AES_128_GCM_SHA256 \ + TLS_CHACHA20_POLY1305_SHA256 \ + DEFAULT_TLS_CIPHERS_V12 + #define LOGGING_COMPONENT_PREFIX "_zss." static int stringEndsWith(char *s, char *suffix); From 61baa0b20c9a61a1cade80cf4839a4dffc7cc48f Mon Sep 17 00:00:00 2001 From: Jordan Filteau Date: Fri, 13 Oct 2023 16:47:55 -0500 Subject: [PATCH 16/16] reverting changes Signed-off-by: Jordan Filteau --- c/zss.c | 16 +++++++++++----- deps/zowe-common-c | 2 +- schemas/zss-config.json | 8 ++------ 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/c/zss.c b/c/zss.c index 00c92d08a..bce8aa91b 100644 --- a/c/zss.c +++ b/c/zss.c 
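Review bot: After this hunk (PATCH 15/16, c/zss.c) DEFAULT_TLS_CIPHERS_V13 expands to the three TLS 1.3 suites followed by all of DEFAULT_TLS_CIPHERS_V12, which the name does not suggest. A comment on the macro would stop a later reader from treating it as a 1.3-only list, e.g. `/* TLS 1.3 suites first, followed by the TLS 1.2 list */`. The concatenation presumably relies on the TLS_* names expanding to adjacent string literals; those definitions are outside this file and not visible here.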
@@ -1160,16 +1160,23 @@ static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh, } JsonObject *httpsConfigObject = jsonAsObject(httpsConfig); TlsSettings *settings = (TlsSettings*)SLHAlloc(slh, sizeof(*settings)); - char *ciphers1_3 = jsonObjectGetString(httpsConfigObject, "ciphersTLSv13"); - char *ciphers1_2 = jsonObjectGetString(httpsConfigObject, "ciphersTLSv12"); + settings->maxTls = jsonObjectGetString(httpsConfigObject, "maxTls"); + char *ciphers = jsonObjectGetString(httpsConfigObject, "ciphers"); /* * Takes a string of ciphers. This isn't ideal, but any other methods are * going to be fairly complicated. * * ciphers: 13021303003500380039002F00320033 */ - settings->ciphers1_2 = ciphers1_2 ? ciphers1_2 : DEFAULT_TLS_CIPHERS_V12; - settings->ciphers1_3 = ciphers1_3 ? ciphers1_3 : DEFAULT_TLS_CIPHERS_V13; + ECVT *ecvt = getECVT(); + /* + 2.3 (1020300) no tls 1.3 + */ + if ((ecvt->ecvtpseq > 0x1020300) && (settings->maxTls == NULL || !strcmp(settings->maxTls, "TLSv1.3"))) { + settings->ciphers = ciphers ? ciphers : DEFAULT_TLS_CIPHERS_V13; + } else { + settings->ciphers = ciphers ? ciphers : DEFAULT_TLS_CIPHERS_V12; + } /* * Takes a string of keyshares. This isn't ideal, but any other methods are * going to be fairly complicated. @@ -1178,7 +1185,6 @@ static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh, */ char *keyshares = jsonObjectGetString(httpsConfigObject, "keyshares"); settings->keyshares = keyshares ? keyshares : DEFAULT_TLS_KEY_SHARES; - settings->maxTls = jsonObjectGetString(httpsConfigObject, "maxTls"); settings->keyring = jsonObjectGetString(httpsConfigObject, "keyring"); settings->label = jsonObjectGetString(httpsConfigObject, "label"); /* settings->stash = jsonObjectGetString(httpsConfigObject, "stash"); - this is obsolete */ diff --git a/deps/zowe-common-c b/deps/zowe-common-c index e71d1ce58..0d55d4724 160000 --- a/deps/zowe-common-c +++ b/deps/zowe-common-c 
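Review bot: The release and maxTls check added to readAgentHttpsSettingsV2 in PATCH 16/16 only picks which default list is used. When `ciphers` is configured, both branches assign it unchanged, so a list containing 13xx codes is still handed on when `ecvtpseq` is at or below 0x1020300 or when maxTls is below TLSv1.3; whether zowe-common-c filters it is not visible in this diff. Any maxTls value other than the exact string "TLSv1.3" also takes the 1.2 branch, which depends on the schema enum having been enforced. I would compute the default once, `char *defaults = tls13Allowed ? DEFAULT_TLS_CIPHERS_V13 : DEFAULT_TLS_CIPHERS_V12;`, and log when a configured list overrides it. The comment `2.3 (1020300) no tls 1.3` should be expanded to say what ecvtpseq represents (apparently the z/OS release level) and that releases up to 2.3 are treated as lacking TLS 1.3; the function continues outside the hunk.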
@@ -1 +1 @@ -Subproject commit e71d1ce58520b70d627672170a48caa974736e3b +Subproject commit 0d55d47244d37b77bd156fc0376cc0c90e9592a2 diff --git a/schemas/zss-config.json b/schemas/zss-config.json index 7a671f093..aa2091e00 100644 --- a/schemas/zss-config.json +++ b/schemas/zss-config.json @@ -123,13 +123,9 @@ "type": [ "string", "null" ], "description": "The password to the keyring" }, - "ciphers1_2": { + "ciphers": { "type": [ "string", "null" ], - "description": "The list of ciphers for TLSv1.2 in order of priority" - }, - "ciphers1_3": { - "type": [ "string", "null" ], - "description": "The list of ciphers for TLSv1.3 in order of priority" + "description": "The list of ciphers in order of priority" }, "keyshares": { "type": [ "string", "null" ],