Expand utility method in SSLTestBase

Bouncheck · Bouncheck · commit 536b74017f43 · 2025-09-23T12:09:34.000+02:00
Adds new parameter allowing to specify protocol for SSLContext
when using `getSSLOptions`.
diff --git a/driver-core/src/test/java/com/datastax/driver/core/SSLTestBase.java b/driver-core/src/test/java/com/datastax/driver/core/SSLTestBase.java
@@ -82,11 +82,15 @@ enum SslImplementation {
    * @param sslImplementation the SSL implementation to use
    * @param clientAuth whether the client should authenticate
    * @param trustingServer whether the client should trust the server's certificate
+   * @param protocol SSLContext protocol to use, e.g. TLSv1.2
    * @return {@link com.datastax.driver.core.SSLOptions} with the given configuration for server
    *     certificate validation and client certificate authentication.
    */
   public SSLOptions getSSLOptions(
-      SslImplementation sslImplementation, boolean clientAuth, boolean trustingServer)
+      SslImplementation sslImplementation,
+      boolean clientAuth,
+      boolean trustingServer,
+      String protocol)
       throws Exception {
 
     TrustManagerFactory tmf = null;
@@ -113,7 +117,7 @@ public SSLOptions getSSLOptions(
           kmf.init(ks, CCMBridge.DEFAULT_CLIENT_KEYSTORE_PASSWORD.toCharArray());
         }
 
-        SSLContext sslContext = SSLContext.getInstance("TLS");
+        SSLContext sslContext = SSLContext.getInstance(protocol);
         sslContext.init(
             kmf != null ? kmf.getKeyManagers() : null,
             tmf != null ? tmf.getTrustManagers() : null,
@@ -125,6 +129,14 @@ public SSLOptions getSSLOptions(
         SslContextBuilder builder =
             SslContextBuilder.forClient().sslProvider(OPENSSL).trustManager(tmf);
 
+        if (protocol.equals("TLS") || protocol.isEmpty()) {
+          // There is no netty constant for "TLS". Use defaults.
+          // see
+          // https://netty.io/4.1/api/constant-values.html#io.netty.handler.ssl.SslProtocols.SSL_v2
+        } else {
+          builder.protocols(protocol);
+        }
+
         if (clientAuth) {
           builder.keyManager(
               CCMBridge.DEFAULT_CLIENT_CERT_CHAIN_FILE, CCMBridge.DEFAULT_CLIENT_PRIVATE_KEY_FILE);
@@ -136,4 +148,15 @@ public SSLOptions getSSLOptions(
         return null;
     }
   }
+
+  /**
+   * Legacy method using "TLS" as the protocol.
+   *
+   * @see SSLTestBase#getSSLOptions(SslImplementation, boolean, boolean, String)
+   */
+  public SSLOptions getSSLOptions(
+      SslImplementation sslImplementation, boolean clientAuth, boolean trustingServer)
+      throws Exception {
+    return getSSLOptions(sslImplementation, clientAuth, trustingServer, "TLS");
+  }
 }
