diff options
author | Tor Brede Vekterli <vekterli@oath.com> | 2019-01-24 16:34:54 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-24 16:34:54 +0100 |
commit | 25f41d6c5fd105b47d9f0d0c1642f25fd9ac8795 (patch) | |
tree | b5e22db7bcee5a9d41da33f261c33f351307cad1 /controller-server | |
parent | 1ed75a5681fc19966fdb1940f3f55e6c8f5c2c76 (diff) | |
parent | e9fb2bbd3ceb780b48c9aa60026f4f096ba2cc50 (diff) |
Merge pull request #8218 from vespa-engine/bjorncs/tls
bjorncs/tls
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java index 81a0a314dc5..d20c86528a5 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java @@ -17,7 +17,6 @@ import java.nio.file.Paths; import java.security.KeyStore; import java.security.PrivateKey; import java.security.cert.X509Certificate; -import java.util.Arrays; import java.util.List; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; @@ -58,12 +57,6 @@ public class ControllerSslContextFactoryProvider extends AbstractComponent imple /** Create a SslContextFactory backed by an in-memory key and trust store */ private SslContextFactory createSslContextFactory(int port) { SslContextFactory factory = new SslContextFactory(); - // TODO Remove cipher exclusions on Vespa 7 (require ciphers with forward secrecy) - // Do not exclude TLS_RSA_* ciphers - String[] excludedCiphers = Arrays.stream(factory.getExcludeCipherSuites()) - .filter(cipherPattern -> !cipherPattern.equals("^TLS_RSA_.*$")) - .toArray(String[]::new); - factory.setExcludeCipherSuites(excludedCiphers); if (port != 443) { factory.setWantClientAuth(true); } |