aboutsummaryrefslogtreecommitdiffstats
path: root/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@yahooinc.com>2023-06-20 15:55:47 +0200
committerBjørn Christian Seime <bjorncs@yahooinc.com>2023-07-20 16:40:21 +0200
commitad7707a29b02872e2ab45fbbf22205fbee34ab97 (patch)
tree030b674e115fae841de9b81f37771024c6ee2b67 /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
parentddcf4413c2535fb0b107aa27a3e9e4fbca7e9754 (diff)
Enable TLSv1.3 for hosted endpoints
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java')
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java3
1 files changed, 1 insertions, 2 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index cebe08288f6..a4a4210f8cc 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -56,8 +56,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
new ConnectorConfig.TlsClientAuthEnforcer.Builder()
.pathWhitelist(List.of("/status.html")).enable(true));
}
- // Disables TLSv1.3 as it causes some browsers to prompt user for client certificate (when connector has 'want' auth)
- connectorBuilder.ssl.enabledProtocols(List.of("TLSv1.2"));
+ connectorBuilder.ssl.enabledProtocols(TlsContext.ALLOWED_PROTOCOLS);
if (!tlsCiphersOverride.isEmpty()) {
connectorBuilder.ssl.enabledCipherSuites(tlsCiphersOverride.stream().sorted().toList());
} else {