author | Jon Marius Venstad <venstad@gmail.com> | 2021-02-22 16:51:26 +0100 |
---|---|---|
committer | Jon Marius Venstad <venstad@gmail.com> | 2021-02-22 16:51:26 +0100 |
commit | 3c4ed640ad8c448e9397bd3a87c64aa5d37539fa (patch) | |
tree | e34bb91c1d7dbdcb4bf771ff2a7a9d79e0496f4e /hosted-api | |
parent | 950c00e443ba68920af83363a99232b60bf43246 (diff) |
Force TLSv1.2 for controller client
Diffstat (limited to 'hosted-api')
-rw-r--r-- | hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java b/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
index f17816f224d..0cc80bcb111 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
@@ -18,6 +18,7 @@ import com.yahoo.slime.SlimeUtils;
 import com.yahoo.text.Utf8;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -433,13 +434,19 @@ public abstract class ControllerHttpClient {
 private static class MutualTlsControllerHttpClient extends ControllerHttpClient {
 private MutualTlsControllerHttpClient(URI endpoint, SSLContext sslContext) {
- super(endpoint, HttpClient.newBuilder().sslContext(sslContext));
+ super(endpoint, HttpClient.newBuilder().sslContext(sslContext).sslParameters(tlsv12Parameters(sslContext)));
 }
 private MutualTlsControllerHttpClient(URI endpoint, PrivateKey privateKey, List<X509Certificate> certs) {
 this(endpoint, new SslContextBuilder().withKeyStore(privateKey, certs).build());
 }
+ private static SSLParameters tlsv12Parameters(SSLContext sslContext) {
+ SSLParameters parameters = sslContext.getDefaultSSLParameters();
+ parameters.setProtocols(new String[]{ "TLSv1.2" });
+ return parameters;
+ }
+
 } |
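Review bot: `parameters.setProtocols(new String[]{ "TLSv1.2" })` in the new `tlsv12Parameters` helper restricts the mutual-TLS controller client to TLS 1.2 alone, so it also rules out TLS 1.3 against controllers that support it, and neither the commit message nor the code says why. If this works around a specific handshake problem, record that next to the pin so it can be lifted later, e.g. `// Pinned to TLSv1.2 only because of <ISSUE-REFERENCE>; allow TLSv1.3 again once that is resolved.`. If the intent is only a minimum version, list both instead: `parameters.setProtocols(new String[]{ "TLSv1.3", "TLSv1.2" });`. The enclosing ControllerHttpClient class starts and ends outside this hunk.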