Merge pull request #27857 from vespa-engine/bjorncs/tls13

Bjorncs/tls13
author: Bjørn Christian Seime <bjorn.christian@seime.no> 2023-07-21 09:14:50 +0200
committer: GitHub <noreply@github.com> 2023-07-21 09:14:50 +0200
commit: ef7a3efa5f9f2647e4e3ef61c21295e9f60fe793 (patch)
tree: f8c32b91e27e738ef791b4ae2edbe46c5d258f54 /config-model
parent: 8d315ba956eb0dc814e92e180e3b8533b81c6e61 (diff)
parent: ad7707a29b02872e2ab45fbbf22205fbee34ab97 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index cebe08288f6..a4a4210f8cc 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -56,8 +56,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
                     new ConnectorConfig.TlsClientAuthEnforcer.Builder()
                             .pathWhitelist(List.of("/status.html")).enable(true));
         }
-        // Disables TLSv1.3 as it causes some browsers to prompt user for client certificate (when connector has 'want' auth)
-        connectorBuilder.ssl.enabledProtocols(List.of("TLSv1.2"));
+        connectorBuilder.ssl.enabledProtocols(TlsContext.ALLOWED_PROTOCOLS);
         if (!tlsCiphersOverride.isEmpty()) {
             connectorBuilder.ssl.enabledCipherSuites(tlsCiphersOverride.stream().sorted().toList());
         } else {
author	Bjørn Christian Seime <bjorn.christian@seime.no>	2023-07-21 09:14:50 +0200
committer	GitHub <noreply@github.com>	2023-07-21 09:14:50 +0200
commit	ef7a3efa5f9f2647e4e3ef61c21295e9f60fe793 (patch)
tree	f8c32b91e27e738ef791b4ae2edbe46c5d258f54 /config-model
parent	8d315ba956eb0dc814e92e180e3b8533b81c6e61 (diff)
parent	ad7707a29b02872e2ab45fbbf22205fbee34ab97 (diff)