diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-10-04 12:49:34 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-10-04 12:49:34 +0200 |
commit | 6b596df9ad062cb86396035ffd5aa5b5cc967249 (patch) | |
tree | faf937509c537f118470efc8c96a155bcf8f805f | |
parent | 1c0f26aa1793c2fcfee88bc95220e3cd63db2b8c (diff) | |
parent | 00c635b01a9ff113cdeb94dd821e96521b41c655 (diff) |
Merge pull request #10877 from vespa-engine/bjorncs/jdisc-tls13
Bjorncs/jdisc tls13
5 files changed, 4 insertions, 7 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java index 6bc70ca12f0..afed3efb9f1 100644 --- a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java +++ b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java @@ -21,7 +21,6 @@ import java.util.Optional; import java.util.logging.Logger; import static java.util.stream.Collectors.toList; -import static javax.net.ssl.SSLEngineResult.HandshakeStatus; import static javax.net.ssl.SSLEngineResult.Status; /** @@ -247,7 +246,6 @@ public class TlsCryptoSocket implements CryptoSocket { private int applicationDataWrap(ByteBuffer src) throws IOException { SSLEngineResult result = sslEngineWrap(src); - if (result.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING) throw new SSLException("Renegotiation detected"); switch (result.getStatus()) { case OK: return result.bytesConsumed(); @@ -279,7 +277,6 @@ public class TlsCryptoSocket implements CryptoSocket { private int applicationDataUnwrap(ByteBuffer dst) throws IOException { SSLEngineResult result = sslEngineUnwrap(dst); - if (result.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING) throw new SSLException("Renegotiation detected"); switch (result.getStatus()) { case OK: return result.bytesProduced(); diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java index 4f8919cdd5e..08ebba1670d 100644 --- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java +++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java @@ -122,7 +122,7 @@ public class SslContextBuilder { public SSLContext build() { try { - SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); + SSLContext sslContext = SSLContext.getInstance("TLS"); TrustManager[] trustManagers = new TrustManager[] { trustManagerFactory.createTrustManager(trustStoreSupplier.get()) }; X509ExtendedKeyManager keyManager = this.keyManager != null ? this.keyManager diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java index ea26be0ef4f..e878ac33467 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java @@ -24,7 +24,7 @@ public interface TlsContext extends AutoCloseable { "TLS_AES_256_GCM_SHA384", // TLSv1.3 "TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3 - Set<String> ALLOWED_PROTOCOLS = Set.of("TLSv1.2"); // TODO Enable TLSv1.3 + Set<String> ALLOWED_PROTOCOLS = Set.of("TLSv1.2", "TLSv1.3"); SSLContext context(); diff --git a/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java index 4e6f0a141b0..a62f13c731e 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java @@ -63,7 +63,7 @@ public class ConfigFileBasedTlsContextTest { assertThat(enabledCiphers).isSubsetOf(TlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0])); String[] enabledProtocols = sslEngine.getEnabledProtocols(); - assertThat(enabledProtocols).contains("TLSv1.2"); + assertThat(enabledProtocols).containsOnly(TlsContext.ALLOWED_PROTOCOLS.toArray(new String[0])); } } diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java index 727a64ae934..3a2eabd78b5 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java @@ -55,7 +55,7 @@ public class DefaultTlsContextTest { assertThat(enabledCiphers).isSubsetOf(TlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0])); String[] enabledProtocols = sslEngine.getEnabledProtocols(); - assertThat(enabledProtocols).contains("TLSv1.2"); + assertThat(enabledProtocols).containsOnly(TlsContext.ALLOWED_PROTOCOLS.toArray(new String[0])); } }
\ No newline at end of file |