[security] Allow to config web server's cipher and protocols

[hezhangjian]

Motivation

For the security, people want to config the support ciphers and protocols

Modifications

• Allow the broker and proxy config web server's ciphers and protocols
• By default, ciphers and protocols are null, same as before.

Documentation

Check the box below and label this PR (if you have committer privilege).

Need to update docs?

• doc

  this PR contains config file change. IMHO, the doc will be auto generated.

[zymap]

Could you please add a test to cover this?

[hezhangjian]

Could you please add a test to cover this?

Yes, add tests to test ciphers and protocols on jetty server.

[eolivelli]

Overall it looks good to me
I left some comments about the tests

[eolivelli]

LGTM

[hezhangjian]

@codelipenghui @lhotari @michaeljmarshall @merlimat @315157973 @hangc0276 PTAL, thanks

[hezhangjian]

@eolivelli PTAL, again, thanks

[hezhangjian]

/pulsarbot run-failure-checks

[hezhangjian]

@eolivelli PTAL, again, thanks

[eolivelli]

Lgtm

[BewareMyPower]

JettySslContextFactoryWithAutoRefreshTest failed with JDK 8.

It looks like our tests are all based on JDK 11 currently so that this test failure was not detected. And I found some other PRs that rely on this PR.

/cc @codelipenghui @eolivelli @nodece @michaeljmarshall

[BewareMyPower]

It looks like it's because the JKS files are generated by a higher version JDK.

IMO, committing binaries files are terrible to maintain for developers. It's necessary to describe how to generate this files if we need to do so. Or should we add the steps to CI instead of uploading these binaries?

[nodece]

I found some answers:

• https://stackoverflow.com/questions/1052700/java-io-ioexception-invalid-keystore-format
• https://bugs.openjdk.java.net/browse/JDK-8228481

[hezhangjian]

@BewareMyPower what's your java8 version, I remember it needs higher java8 version.

[BewareMyPower]

1.8.0_261

[BewareMyPower]

I remember it needs higher java8 version.

It's right. I switched to 1.8.0_332 and it works now.

[michaeljmarshall]

IMO, committing binaries files are terrible to maintain for developers. It's necessary to describe how to generate this files if we need to do so. Or should we add the steps to CI instead of uploading these binaries?

I agree. We could require adding a README.md in the same directory as the file with instructions on how to re-build the binaries. This will help PR reviewers and make maintenance easier (especially for things like certs that have expiration dates in the near future).

[BewareMyPower]

especially for things like certs that have expiration dates in the near future

Yeah, there was once a similar issue (#9607) that broke the whole CI.

[hezhangjian]

@michaeljmarshall @BewareMyPower Thanks for your advice, I will follow up on this.

[mattisonchao]

Hi @Shoothzj
There are a lot of conflicts when this PR is cherry-picked to 2.9, Could you please help push a new PR to branch-2.9?

[hezhangjian]

@mattisonchao I am afraid I don't have time this week. But don't worry, @Lico-Tom will help open a new PR

[mattisonchao]

@Shoothzj It looks like cherry-picked pull request a118ab9 already cover this change in branch-2.9. Could you have time to help check it?

[hezhangjian]

@mattisonchao Yes, It's already covered this change.

[BewareMyPower]

@mattisonchao @Shoothzj Does it mean there is no need to cherry-pick this PR? If yes, I think it would be better to remove all release/xxx labels and cherry-picked/xxx labels instead of marking this PR as "cherry-picked".

[BewareMyPower]

I removed these labels after confirming it from @mattisonchao.