Merge pull request #720 from naphelps/authenication-update

Removed TLS v1.2 support. Removed an API key authentication pathway.
open-horizon · Sep 30, 2024 · 60ee72e · 60ee72e
2 parents fa952ee + ae1fb0e
commit 60ee72e
Show file tree

Hide file tree

Showing 7 changed files with 78 additions and 364 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 All notable changes to this project will be documented in this file.
 
+## [2.125.0] - 2024-09-30
+- Removed support for TLS v1.2.
+- Removed an API key authentication pathway.
+
 ## [2.124.0] - 2024-09-14
 - Application configuration overhaul.
   - Some database configuration changes are not backwards compatible. 

diff --git a/build.sbt b/build.sbt
@@ -37,7 +37,7 @@ lazy val root = (project in file("."))
     pekkoVersion                  := "[1.0.2]",
     release                       := sys.env.getOrElse("GIT_SHORT_SHA", versionFunc()),
     resolvers                     += Classpaths.typesafeReleases,
-    scalaVersion                  := "2.13.14",
+    scalaVersion                  := "2.13.15",
     summary                       := "'Open Horizon exchange-api image'",
     vendor                        := "'Open Horizon'",
     version                       := sys.env.getOrElse("IMAGE_VERSION", versionFunc()),

diff --git a/docs/openapi-3-developer.json b/docs/openapi-3-developer.json
@@ -8,7 +8,7 @@
       "name" : "Apache License Version 2.0",
       "url" : "https://www.apache.org/licenses/LICENSE-2.0"
     },
-    "version" : "2.124.0"
+    "version" : "2.125.0"
   },
   "externalDocs" : {
     "description" : "Open-horizon ExchangeAPI",

diff --git a/docs/openapi-3-user.json b/docs/openapi-3-user.json
@@ -8,7 +8,7 @@
       "name" : "Apache License Version 2.0",
       "url" : "https://www.apache.org/licenses/LICENSE-2.0"
     },
-    "version" : "2.124.0"
+    "version" : "2.125.0"
   },
   "externalDocs" : {
     "description" : "Open-horizon ExchangeAPI",

diff --git a/src/main/resources/version.txt b/src/main/resources/version.txt
@@ -1 +1 @@
-2.124.0
+2.125.0
diff --git a/src/main/scala/org/openhorizon/exchangeapi/ExchangeApiApp.scala b/src/main/scala/org/openhorizon/exchangeapi/ExchangeApiApp.scala
@@ -531,11 +531,9 @@ object ExchangeApiApp extends App
             .enableHttps(ConnectionContext.httpsServer(() => {               // Custom TLS parameters
               val engine: SSLEngine = sslContext.createSSLEngine()
 
-              engine.setEnabledProtocols(Array("TLSv1.3", "TLSv1.2"))                       // TLSv1.2 is in support of OpenShift 4.6. HAPoxy router is built on top of RHEL7 which does not support TLSv1.3.
+              engine.setEnabledProtocols(Array("TLSv1.3"))
               engine.setEnabledCipherSuites(Array("TLS_AES_256_GCM_SHA384",
-                                                  "TLS_CHACHA20_POLY1305_SHA256",
-                                                  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-                                                  "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"))
+                                                  "TLS_CHACHA20_POLY1305_SHA256"))
               engine.setUseClientMode(false)
               engine
             }))

diff --git a/src/main/scala/org/openhorizon/exchangeapi/auth/cloud/IBM.scala b/src/main/scala/org/openhorizon/exchangeapi/auth/cloud/IBM.scala