logstash-plugins · kares · Mar 17, 2022 · Mar 15, 2022 · Mar 15, 2022 · Mar 15, 2022
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 7.2.0
+  - Feat: add `ssl_supported_protocols` option [#40](https://github.com/logstash-plugins/logstash-mixin-http_client/pull/40) 
+
 ## 7.1.0
   - Feat: add `ssl_verification_mode` [#39](https://github.com/logstash-plugins/logstash-mixin-http_client/pull/39) 
 

diff --git a/lib/logstash/plugin_mixins/http_client.rb b/lib/logstash/plugin_mixins/http_client.rb
@@ -76,6 +76,9 @@ def setup_http_client_config
     #   none: no verification of the server’s certificate
     config :ssl_verification_mode, :validate => ['full', 'none'], :default => 'full'
 
+    # NOTE: the default setting [] uses Java SSL engine defaults.
+    config :ssl_supported_protocols, :validate => ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'], :default => [], :list => true
+
     # If you need to use a custom truststore (`.jks`) specify that here. This does not work with .pem certs!
     config :truststore, :validate => :path
 
@@ -187,6 +190,10 @@ def client_config
       c[:ssl][:verify] = :disable
     end
 
+    if @ssl_supported_protocols && @ssl_supported_protocols.any?
+      c[:ssl][:protocols] = @ssl_supported_protocols
+    end
+
     c
   end
 

diff --git a/logstash-mixin-http_client.gemspec b/logstash-mixin-http_client.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-mixin-http_client'
-  s.version         = '7.1.0'
+  s.version         = '7.2.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "AWS mixins to provide a unified interface for Amazon Webservice"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

diff --git a/spec/plugin_mixin/http_client_spec.rb b/spec/plugin_mixin/http_client_spec.rb
@@ -216,4 +216,39 @@ class Dummy < LogStash::Inputs::Base
     end
 
   end
+
+  describe "with supported protocols" do
+    context "default" do
+      let(:conf) { basic_config }
+
+      it "does not set manticore protocols option" do
+        expect( Dummy.new(conf).client_config[:ssl] ).to_not include :protocols
+      end
+    end
+
+    context "empty" do
+      let(:conf) { basic_config.merge("ssl_supported_protocols" => []) }
+
+      it "does not set manticore protocols option" do
+        expect( Dummy.new(conf).client_config[:ssl] ).to_not include :protocols
+      end
+    end
+
+    context "'TLSv1.3'" do
+      let(:conf) { basic_config.merge("ssl_supported_protocols" => ['TLSv1.3']) }
+
+      it "sets manticore protocols option" do
+        expect( Dummy.new(conf).client_config[:ssl] ).to include :protocols => ['TLSv1.3']
+      end
+    end
+
+    context "'TLSv1.2' and 'TLSv1.3'" do
+      let(:conf) { basic_config.merge("ssl_supported_protocols" => ['TLSv1.3', 'TLSv1.2']) }
+
+      it "sets manticore protocols option" do
+        expect( Dummy.new(conf).client_config[:ssl] ).to include :protocols => ['TLSv1.3', 'TLSv1.2']
+      end
+    end
+
+  end
 end