Allow SSLContext implementation that supports TLSv1.3+

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-12-03 14:35:49 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-01-31 14:14:22 +0100
commit: c9b2ce768dfd2ed87558a88fc0b91dd0f15fb403 (patch)
tree: 2a0a87a3ab5c3b04d870376736c328a635d1496f
parent: b3655490b81adede60634fc6a11ab6d980c64968 (diff)
2 files changed, 3 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
index e12ea3cf47d..886cf3e886b 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
@@ -35,7 +35,7 @@ public interface TlsContext extends AutoCloseable {
             "TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3, Java 12
 
     Set<String> ALLOWED_PROTOCOLS = com.yahoo.vespa.jdk8compat.Set.of("TLSv1.2"); // TODO Enable TLSv1.3
-    String SSL_CONTEXT_VERSION = "TLSv1.2"; // TODO Enable TLSv1.3
+    String SSL_CONTEXT_VERSION = "TLS"; // Use SSLContext implementations that supports all TLS versions
 
     /**
      * @return the allowed cipher suites supported by the provided context instance
diff --git a/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java b/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java
index 0981ae615df..863d2dba708 100644
--- a/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java
+++ b/zookeeper-server/zookeeper-server-3.5/src/test/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImplTest.java
@@ -221,7 +221,7 @@ public class VespaZooKeeperServerImplTest {
                "ssl.quorum.clientAuth=NEED\n" +
                "ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n" +
                "ssl.quorum.enabledProtocols=TLSv1.2\n" +
-               "ssl.quorum.protocol=TLSv1.2\n";
+               "ssl.quorum.protocol=TLS\n";
     }
 
     private String commonTlsClientServerConfig() {
@@ -229,7 +229,7 @@ public class VespaZooKeeperServerImplTest {
                "ssl.clientAuth=NEED\n" +
                "ssl.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n" +
                "ssl.enabledProtocols=TLSv1.2\n" +
-               "ssl.protocol=TLSv1.2\n";
+               "ssl.protocol=TLS\n";
     }
 
     private void validateConfigFileMultipleHosts(File cfgFile) throws IOException {
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-12-03 14:35:49 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-01-31 14:14:22 +0100
commit	c9b2ce768dfd2ed87558a88fc0b91dd0f15fb403 (patch)
tree	2a0a87a3ab5c3b04d870376736c328a635d1496f
parent	b3655490b81adede60634fc6a11ab6d980c64968 (diff)