author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-01-23 11:41:51 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-01-23 16:33:56 +0100 |
commit | a0781f51282f8e0c489013208295947d998ca55c (patch) | |
tree | 7fa9073a03713c96f4f5f40317f9305f0f3cf810 /controller-server | |
parent | 6b450ba5b8b4f1f2a820e44e4c0f71745f363dd9 (diff) |
Use Jetty's recommendations for ciphers
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
index 81a0a314dc5..d20c86528a5 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
@@ -17,7 +17,6 @@ import java.nio.file.Paths;
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
@@ -58,12 +57,6 @@ public class ControllerSslContextFactoryProvider extends AbstractComponent imple
 /** Create a SslContextFactory backed by an in-memory key and trust store */
 private SslContextFactory createSslContextFactory(int port) {
 SslContextFactory factory = new SslContextFactory();
- // TODO Remove cipher exclusions on Vespa 7 (require ciphers with forward secrecy)
- // Do not exclude TLS_RSA_* ciphers
- String[] excludedCiphers = Arrays.stream(factory.getExcludeCipherSuites())
- .filter(cipherPattern -> !cipherPattern.equals("^TLS_RSA_.*$"))
- .toArray(String[]::new);
- factory.setExcludeCipherSuites(excludedCiphers);
 if (port != 443) {
 factory.setWantClientAuth(true);
 }
 } |
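Review bot: With the override removed in the second hunk, createSslContextFactory no longer says anywhere that the cipher policy is whatever the bundled Jetty's SslContextFactory excludes by default, so the effective suite list can change on a Jetty upgrade without any change in this file. A one-line comment after `new SslContextFactory()` would record the intent, for example `// Cipher suites: rely on Jetty's default exclusions (includes ^TLS_RSA_.*$)`. The removed TODO tied this step to Vespa 7, so it is worth confirming that no remaining client of these ports offers only TLS_RSA_* suites, since those handshakes will presumably be rejected once this is deployed. The method body continues outside the hunk.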