author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-02-23 10:31:02 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-02-23 10:31:02 +0100 |
commit | f2965149ca8e41c2da42ed5a0653136e6df118b7 (patch) | |
tree | 4a8a7cff84de8264521ee25c51775c48083e3017 /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | |
parent | f95c86bb12b8e26a2f822076ac1549cfc0184337 (diff) |
Disable TLSv1.3 on port 4443
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index 3bbfd5b9165..9f98fdb4ea2 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -73,6 +73,9 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
 .pathWhitelist(INSECURE_WHITELISTED_PATHS)
 .enable(enforceClientAuth));
 }
+ // Disables TLSv1.3 as it causes some browsers to prompt user for client certificate (when connector has 'want' auth)
+ connectorBuilder.ssl.enabledProtocols(List.of("TLSv1.2"));
+
 connectorBuilder
 .proxyProtocol(new ConnectorConfig.ProxyProtocol.Builder().enabled(true).mixedMode(true))
 .idleTimeout(Duration.ofMinutes(3).toSeconds()) |
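Review bot: The `enabledProtocols(List.of("TLSv1.2"))` call sits after the closing brace of the preceding block, so it appears to apply to every connector this factory builds, while the comment only justifies it for connectors with 'want' client auth. Pinning to TLSv1.2 is a real downgrade on a client-certificate endpoint: the client certificate is sent unencrypted in a TLSv1.2 handshake, and forward secrecy then depends entirely on the configured cipher suites. Consider applying the restriction only when the connector actually uses 'want' auth, and extend the comment to record when it can be lifted, e.g. `// TODO: re-enable TLSv1.3 once the browser client-certificate prompt is resolved; TLSv1.2 exposes client certs in the handshake`. The enclosing method starts and ends outside the hunk, so whether the auth mode is in scope at this point is not visible here.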