From 1459dd491da17dc6e54227cfeeb962e0006877db Mon Sep 17 00:00:00 2001
From: Peter-Josef Meisch
Date: Thu, 16 Apr 2020 21:44:53 +0200
Subject: [PATCH] DATAES-778 - Fix SSL setup in the reactive client.
Original PR: #429
(cherry picked from commit 539c1ee6e75968b5874cd05a99be78079ecd9cc9)
---
 .../DefaultReactiveElasticsearchClient.java | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/springframework/data/elasticsearch/client/reactive/DefaultReactiveElasticsearchClient.java b/src/main/java/org/springframework/data/elasticsearch/client/reactive/DefaultReactiveElasticsearchClient.java
index 8e7decafc..9f95c5b89 100644
--- a/src/main/java/org/springframework/data/elasticsearch/client/reactive/DefaultReactiveElasticsearchClient.java
+++ b/src/main/java/org/springframework/data/elasticsearch/client/reactive/DefaultReactiveElasticsearchClient.java
@@ -16,7 +16,9 @@
 package org.springframework.data.elasticsearch.client.reactive;
 import io.netty.channel.ChannelOption;
+import io.netty.handler.ssl.ApplicationProtocolConfig;
 import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.IdentityCipherSuiteFilter;
 import io.netty.handler.ssl.JdkSslContext;
 import io.netty.handler.timeout.ReadTimeoutHandler;
 import io.netty.handler.timeout.WriteTimeoutHandler;
@@ -210,11 +212,16 @@ public class DefaultReactiveElasticsearchClient implements ReactiveElasticsearch
 if (clientConfiguration.useSsl()) {
- httpClient = httpClient.secure(sslConfig -> {
+ Optional sslContext = clientConfiguration.getSslContext();
- Optional sslContext = clientConfiguration.getSslContext();
- sslContext.ifPresent(it -> sslConfig.sslContext(new JdkSslContext(it, true, ClientAuth.NONE)));
- });
+ if (sslContext.isPresent()) {
+ httpClient = httpClient.secure(sslContextSpec -> {
+ sslContextSpec.sslContext(new JdkSslContext(sslContext.get(), true, null, IdentityCipherSuiteFilter.INSTANCE,
+ ApplicationProtocolConfig.DISABLED, ClientAuth.NONE, null, false));
+ });
+ } else {
+ httpClient = httpClient.secure();
+ }
 scheme = "https";
 }
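Review bot: The eight-argument `JdkSslContext` call inside the `secure(...)` lambda passes four positional literals (`true`, `null`, `null`, `false`) whose TLS meaning cannot be read at the call site. Passing `null` for both the cipher list and the protocol array leaves the enabled suites and TLS versions to library and JRE defaults, so on an older runtime legacy protocol versions may remain enabled; that choice should be stated rather than implied. `ClientAuth.NONE` appears to matter only for server-mode contexts, so a reader should not take it to mean that client certificates from the supplied context's key managers are switched off. I would add a comment above the call such as `// client mode; ciphers and protocols left to defaults of the supplied SSLContext; no ALPN, no STARTTLS`, and confirm that hostname verification is still applied when a caller-supplied context is used, which this hunk does not show. The enclosing method starts and ends outside the hunk.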