diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-06-20 15:55:47 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-07-20 16:40:21 +0200 |
commit | ad7707a29b02872e2ab45fbbf22205fbee34ab97 (patch) | |
tree | 030b674e115fae841de9b81f37771024c6ee2b67 /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | |
parent | ddcf4413c2535fb0b107aa27a3e9e4fbca7e9754 (diff) |
Enable TLSv1.3 for hosted endpoints
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java index cebe08288f6..a4a4210f8cc 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java @@ -56,8 +56,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { new ConnectorConfig.TlsClientAuthEnforcer.Builder() .pathWhitelist(List.of("/status.html")).enable(true)); } - // Disables TLSv1.3 as it causes some browsers to prompt user for client certificate (when connector has 'want' auth) - connectorBuilder.ssl.enabledProtocols(List.of("TLSv1.2")); + connectorBuilder.ssl.enabledProtocols(TlsContext.ALLOWED_PROTOCOLS); if (!tlsCiphersOverride.isEmpty()) { connectorBuilder.ssl.enabledCipherSuites(tlsCiphersOverride.stream().sorted().toList()); } else { |