summaryrefslogtreecommitdiffstats
path: root/controller-server
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-01-23 11:41:51 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-01-23 16:33:56 +0100
commita0781f51282f8e0c489013208295947d998ca55c (patch)
tree7fa9073a03713c96f4f5f40317f9305f0f3cf810 /controller-server
parent6b450ba5b8b4f1f2a820e44e4c0f71745f363dd9 (diff)
Use Jetty's recommendations for ciphers
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java7
1 files changed, 0 insertions, 7 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
index 81a0a314dc5..d20c86528a5 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
@@ -17,7 +17,6 @@ import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
-import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@@ -58,12 +57,6 @@ public class ControllerSslContextFactoryProvider extends AbstractComponent imple
/** Create a SslContextFactory backed by an in-memory key and trust store */
private SslContextFactory createSslContextFactory(int port) {
SslContextFactory factory = new SslContextFactory();
- // TODO Remove cipher exclusions on Vespa 7 (require ciphers with forward secrecy)
- // Do not exclude TLS_RSA_* ciphers
- String[] excludedCiphers = Arrays.stream(factory.getExcludeCipherSuites())
- .filter(cipherPattern -> !cipherPattern.equals("^TLS_RSA_.*$"))
- .toArray(String[]::new);
- factory.setExcludeCipherSuites(excludedCiphers);
if (port != 443) {
factory.setWantClientAuth(true);
}