authorJon Marius Venstad <venstad@gmail.com>2021-02-22 16:51:26 +0100
committerJon Marius Venstad <venstad@gmail.com>2021-02-22 16:51:26 +0100
commit3c4ed640ad8c448e9397bd3a87c64aa5d37539fa (patch)
treee34bb91c1d7dbdcb4bf771ff2a7a9d79e0496f4e /hosted-api
parent950c00e443ba68920af83363a99232b60bf43246 (diff)
Force TLSv1.2 for controller client
Diffstat (limited to 'hosted-api')
-rw-r--r--hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java9
1 files changed, 8 insertions, 1 deletions
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java b/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
index f17816f224d..0cc80bcb111 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
@@ -18,6 +18,7 @@ import com.yahoo.slime.SlimeUtils;
import com.yahoo.text.Utf8;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -433,13 +434,19 @@ public abstract class ControllerHttpClient {
private static class MutualTlsControllerHttpClient extends ControllerHttpClient {
private MutualTlsControllerHttpClient(URI endpoint, SSLContext sslContext) {
- super(endpoint, HttpClient.newBuilder().sslContext(sslContext));
+ super(endpoint, HttpClient.newBuilder().sslContext(sslContext).sslParameters(tlsv12Parameters(sslContext)));
}
private MutualTlsControllerHttpClient(URI endpoint, PrivateKey privateKey, List<X509Certificate> certs) {
this(endpoint, new SslContextBuilder().withKeyStore(privateKey, certs).build());
}
+ private static SSLParameters tlsv12Parameters(SSLContext sslContext) {
+ SSLParameters parameters = sslContext.getDefaultSSLParameters();
+ parameters.setProtocols(new String[]{ "TLSv1.2" });
+ return parameters;
+ }
+
}
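Review bot: `tlsv12Parameters` sets the enabled protocols to exactly `TLSv1.2`, so the mutual-TLS controller client can no longer negotiate TLSv1.3, and neither the method nor the commit title says why. If the pin works around a specific client or server problem, record that on the method, e.g. `// Pinned to TLSv1.2 because <reason>; remove once <condition>`, so the restriction does not outlive its cause. If the intent is only a minimum version, list both protocols instead: `parameters.setProtocols(new String[]{ "TLSv1.3", "TLSv1.2" });`. The enclosing `ControllerHttpClient` class starts outside this hunk, so any other client construction paths are not visible here and may need the same decision.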