author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-07-21 12:32:00 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-07-21 12:32:00 +0200 |
commit | 76657165e7295b6abda4f19a5b441a91c4e4b44f (patch) | |
tree | 12adf70208b948bd7ba657ea8f2af67cd8072eda /config-model | |
parent | 66287bbdcc6290e278fad3f37c044d3d13ef4395 (diff) |
Revert "Enable TLSv1.3 for hosted endpoints"
This reverts commit ad7707a29b02872e2ab45fbbf22205fbee34ab97.
Diffstat (limited to 'config-model')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index a4a4210f8cc..cebe08288f6 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -56,7 +56,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
 new ConnectorConfig.TlsClientAuthEnforcer.Builder()
 .pathWhitelist(List.of("/status.html")).enable(true));
 }
- connectorBuilder.ssl.enabledProtocols(TlsContext.ALLOWED_PROTOCOLS);
+ // Disables TLSv1.3 as it causes some browsers to prompt user for client certificate (when connector has 'want' auth)
+ connectorBuilder.ssl.enabledProtocols(List.of("TLSv1.2"));
 if (!tlsCiphersOverride.isEmpty()) {
 connectorBuilder.ssl.enabledCipherSuites(tlsCiphersOverride.stream().sorted().toList());
 } else { |
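Review bot: The TLSv1.2-only restriction at `connectorBuilder.ssl.enabledProtocols(List.of("TLSv1.2"))` is unconditional, although the added comment ties the browser prompt only to connectors with 'want' client auth. The enclosing method starts and ends outside the hunk, so it is not visible whether the client-auth mode is known at this point; if it is, the restriction could be limited to that case, with `TlsContext.ALLOWED_PROTOCOLS` kept for the rest. The string literal also takes the protocol policy out of the shared constant, so a later change to `TlsContext.ALLOWED_PROTOCOLS` will silently not reach hosted endpoints. I would at least record the scope and the exit condition next to the call, for example `// TODO: restore TlsContext.ALLOWED_PROTOCOLS once the client-certificate prompt under 'want' auth is resolved; until then every hosted connector is TLSv1.2-only`.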