authorJon Marius Venstad <jonmv@users.noreply.github.com>2021-02-22 16:53:15 +0100
committerGitHub <noreply@github.com>2021-02-22 16:53:15 +0100
commit548f94928d94d67f966f39fad797129a50412a59 (patch)
treeb8bf1d9fa839f81aea7fb94de9ff764dcdea0266
parent6df964118df235568572042f21de40d8243c237d (diff)
parent3c4ed640ad8c448e9397bd3a87c64aa5d37539fa (diff)
Merge pull request #16635 from vespa-engine/jonmv/tls12-for-controller-client
Force TLSv1.2 for controller client
-rw-r--r--hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java9
-rw-r--r--tenant-cd-commons/src/main/java/ai/vespa/hosted/cd/commons/HttpEndpoint.java2
2 files changed, 9 insertions, 2 deletions
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java b/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
index f17816f224d..0cc80bcb111 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
@@ -18,6 +18,7 @@ import com.yahoo.slime.SlimeUtils;
import com.yahoo.text.Utf8;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -433,13 +434,19 @@ public abstract class ControllerHttpClient {
private static class MutualTlsControllerHttpClient extends ControllerHttpClient {
private MutualTlsControllerHttpClient(URI endpoint, SSLContext sslContext) {
- super(endpoint, HttpClient.newBuilder().sslContext(sslContext));
+ super(endpoint, HttpClient.newBuilder().sslContext(sslContext).sslParameters(tlsv12Parameters(sslContext)));
}
private MutualTlsControllerHttpClient(URI endpoint, PrivateKey privateKey, List<X509Certificate> certs) {
this(endpoint, new SslContextBuilder().withKeyStore(privateKey, certs).build());
}
+ private static SSLParameters tlsv12Parameters(SSLContext sslContext) {
+ SSLParameters parameters = sslContext.getDefaultSSLParameters();
+ parameters.setProtocols(new String[]{ "TLSv1.2" });
+ return parameters;
+ }
+
}
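Review bot: `tlsv12Parameters` sets the enabled protocol list to exactly `TLSv1.2`, which also switches off TLSv1.3 for the mutual-TLS controller client, and nothing in the new code records why. The commit title says the version is forced but gives no reason, so a later reader cannot tell whether this is a temporary workaround or a permanent policy. I would add a comment above the `setProtocols` call, for example `// Only TLSv1.2 is enabled; TLSv1.3 is deliberately excluded because <reason>. Revisit when <condition>.`, with the reason filled in by the author. Because the list is an exact set rather than a minimum, the client will fail the handshake if the controller endpoint ever stops accepting TLSv1.2, which is worth stating in the same comment.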
diff --git a/tenant-cd-commons/src/main/java/ai/vespa/hosted/cd/commons/HttpEndpoint.java b/tenant-cd-commons/src/main/java/ai/vespa/hosted/cd/commons/HttpEndpoint.java
index cf8865df878..ab7a9abaa74 100644
--- a/tenant-cd-commons/src/main/java/ai/vespa/hosted/cd/commons/HttpEndpoint.java
+++ b/tenant-cd-commons/src/main/java/ai/vespa/hosted/cd/commons/HttpEndpoint.java
@@ -32,7 +32,7 @@ public class HttpEndpoint implements Endpoint {
this.endpoint = requireNonNull(endpoint);
this.authenticator = requireNonNull(authenticator);
SSLParameters sslParameters = new SSLParameters();
- sslParameters.setProtocols(new String[] {"TLSv1.2" });
+ sslParameters.setProtocols(new String[] { "TLSv1.2" });
this.client = HttpClient.newBuilder()
.sslContext(authenticator.sslContext())
.connectTimeout(Duration.ofSeconds(5))