authorBjørn Christian Seime <bjorncs@yahooinc.com>2023-07-21 12:32:00 +0200
committerBjørn Christian Seime <bjorncs@yahooinc.com>2023-07-21 12:32:00 +0200
commit76657165e7295b6abda4f19a5b441a91c4e4b44f (patch)
tree12adf70208b948bd7ba657ea8f2af67cd8072eda /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
parent66287bbdcc6290e278fad3f37c044d3d13ef4395 (diff)
Revert "Enable TLSv1.3 for hosted endpoints"
This reverts commit ad7707a29b02872e2ab45fbbf22205fbee34ab97.
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java')
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java3
1 files changed, 2 insertions, 1 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index a4a4210f8cc..cebe08288f6 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -56,7 +56,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
new ConnectorConfig.TlsClientAuthEnforcer.Builder()
.pathWhitelist(List.of("/status.html")).enable(true));
}
- connectorBuilder.ssl.enabledProtocols(TlsContext.ALLOWED_PROTOCOLS);
+ // Disables TLSv1.3 as it causes some browsers to prompt user for client certificate (when connector has 'want' auth)
+ connectorBuilder.ssl.enabledProtocols(List.of("TLSv1.2"));
if (!tlsCiphersOverride.isEmpty()) {
connectorBuilder.ssl.enabledCipherSuites(tlsCiphersOverride.stream().sorted().toList());
} else {
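Review bot: The literal `List.of("TLSv1.2")` passed to `enabledProtocols` turns TLSv1.3 off for every hosted connector, although the comment above it ties the browser prompt only to connectors with 'want' client auth. If the auth mode is known at this point (the enclosing method starts and ends outside the hunk), the restriction could be limited to that case so other endpoints keep TLSv1.3. Pinning a literal also detaches this connector from `TlsContext.ALLOWED_PROTOCOLS`, so later changes to the shared list will not reach it; deriving the value by filtering that constant would avoid this. The comment should also state an exit condition, e.g. `// TODO(<tracking-issue>): restore TlsContext.ALLOWED_PROTOCOLS once the client-certificate prompt is resolved`. The cipher-suite selection in the `else` branch continues outside the hunk, so check that it does not still list TLSv1.3-only suites that can no longer be negotiated.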