diff options
author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2023-07-21 09:14:50 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-21 09:14:50 +0200 |
commit | ef7a3efa5f9f2647e4e3ef61c21295e9f60fe793 (patch) | |
tree | f8c32b91e27e738ef791b4ae2edbe46c5d258f54 /config-model | |
parent | 8d315ba956eb0dc814e92e180e3b8533b81c6e61 (diff) | |
parent | ad7707a29b02872e2ab45fbbf22205fbee34ab97 (diff) |
Merge pull request #27857 from vespa-engine/bjorncs/tls13
Bjorncs/tls13
Diffstat (limited to 'config-model')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java index cebe08288f6..a4a4210f8cc 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java @@ -56,8 +56,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { new ConnectorConfig.TlsClientAuthEnforcer.Builder() .pathWhitelist(List.of("/status.html")).enable(true)); } - // Disables TLSv1.3 as it causes some browsers to prompt user for client certificate (when connector has 'want' auth) - connectorBuilder.ssl.enabledProtocols(List.of("TLSv1.2")); + connectorBuilder.ssl.enabledProtocols(TlsContext.ALLOWED_PROTOCOLS); if (!tlsCiphersOverride.isEmpty()) { connectorBuilder.ssl.enabledCipherSuites(tlsCiphersOverride.stream().sorted().toList()); } else { |