Revert "Ensure that HTTPS clients only use allowed ciphers and protocol versions" (#25436)

1 files changed, 3 insertions, 4 deletions

diff --git a/http-utils/src/main/java/ai/vespa/util/http/hc4/VespaHttpClientBuilder.java b/http-utils/src/main/java/ai/vespa/util/http/hc4/VespaHttpClientBuilder.java
index af01b123a27..953abcb04bc 100644
--- a/http-utils/src/main/java/ai/vespa/util/http/hc4/VespaHttpClientBuilder.java
+++ b/http-utils/src/main/java/ai/vespa/util/http/hc4/VespaHttpClientBuilder.java
@@ -29,8 +29,6 @@ import java.net.InetAddress;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import static ai.vespa.util.http.hc4.SslConnectionSocketFactory.noopVerifier;
-
 /**
  * Http client builder for internal Vespa communications over http/https.
  *
@@ -103,8 +101,9 @@ public class VespaHttpClientBuilder {
         }
     }
 
-    private static SSLConnectionSocketFactory createSslSocketFactory(TlsContext ctx) {
-        return SslConnectionSocketFactory.of(ctx, noopVerifier());
+    private static SSLConnectionSocketFactory createSslSocketFactory(TlsContext tlsContext) {
+        SSLParameters parameters = tlsContext.parameters();
+        return new SSLConnectionSocketFactory(tlsContext.context(), parameters.getProtocols(), parameters.getCipherSuites(), new NoopHostnameVerifier());
     }
 
     private static Registry<ConnectionSocketFactory> createRegistry(SSLConnectionSocketFactory sslSocketFactory) {