authorBjørn Christian Seime <bjorncs@verizonmedia.com>2021-02-23 10:31:02 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2021-02-23 10:31:02 +0100
commitf2965149ca8e41c2da42ed5a0653136e6df118b7 (patch)
tree4a8a7cff84de8264521ee25c51775c48083e3017 /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
parentf95c86bb12b8e26a2f822076ac1549cfc0184337 (diff)
Disable TLSv1.3 on port 4443
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java')
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java3
1 files changed, 3 insertions, 0 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index 3bbfd5b9165..9f98fdb4ea2 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -73,6 +73,9 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
.pathWhitelist(INSECURE_WHITELISTED_PATHS)
.enable(enforceClientAuth));
}
+ // Disables TLSv1.3 as it causes some browsers to prompt user for client certificate (when connector has 'want' auth)
+ connectorBuilder.ssl.enabledProtocols(List.of("TLSv1.2"));
+
connectorBuilder
.proxyProtocol(new ConnectorConfig.ProxyProtocol.Builder().enabled(true).mixedMode(true))
.idleTimeout(Duration.ofMinutes(3).toSeconds())
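Review bot: The `enabledProtocols(List.of("TLSv1.2"))` call sits after the closing brace of the preceding block, so it appears to apply to every connector this factory builds, while the comment ties the browser prompt only to connectors with 'want' client auth. If that reading is right, connectors that enforce client auth lose TLSv1.3 without needing the workaround; consider scoping it, e.g. `if (!enforceClientAuth) connectorBuilder.ssl.enabledProtocols(List.of("TLSv1.2"));`, assuming 'want' corresponds to the non-enforcing case. With TLSv1.2 as the only enabled protocol, the connector's strength rests on its cipher-suite list, which is not visible here and is worth confirming is limited to forward-secret AEAD suites. I would also extend the comment with the condition for removal, e.g. `// TODO: re-enable TLSv1.3 once <tracking issue> is resolved`, so the pin does not outlive the browser behaviour it works around. The enclosing method starts and ends outside the hunk.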