author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-09-05 17:47:09 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-09-05 17:47:12 +0200 |
commit | 1699d31028f56cce152d304e4b2377cfef4932c0 (patch) | |
tree | 3e42edff258d8f2dc14dc0e1069c2009706f91e4 /jdisc_http_service/src | |
parent | effa026363d34562643387373213e5059ad4f365 (diff) |
Allow TLS_RSA* ciphers in JDisc with Jetty 9.4.12+
Jetty 9.4.12+ disables all TLS_RSA ciphers by default
(https://github.com/eclipse/jetty.project/issues/2807).
Diffstat (limited to 'jdisc_http_service/src')
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index d4645db88f8..ddddbb76678 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -24,6 +24,8 @@ import org.eclipse.jetty.server.SslConnectionFactory;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 import java.nio.channels.ServerSocketChannel;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.function.BiConsumer;
 import java.util.function.Function;
@@ -106,6 +108,13 @@ public class ConnectorFactory {
 factory.setSecureRandomAlgorithm(sslConfig.prng());
 }
+ // NOTE: ^TLS_RSA_.*$ ciphers are disabled by default in Jetty 9.4.12+ (https://github.com/eclipse/jetty.project/issues/2807)
+ // JDisc will allow these ciphers by default to support older clients (e.g. Java 8u60 and curl 7.29.0)
+ String[] excludedCiphersWithoutTlsRsaExclusion = Arrays.stream(factory.getExcludeCipherSuites())
+ .filter(cipher -> !cipher.equals("^TLS_RSA_.*$"))
+ .toArray(String[]::new);
+ factory.setExcludeProtocols(excludedCiphersWithoutTlsRsaExclusion);
+
 setStringArrayParameter(
 factory, sslConfig.excludeProtocol(), ExcludeProtocol::name, SslContextFactory::setExcludeProtocols);
 setStringArrayParameter( |
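Review bot: The filtered cipher list is handed to the wrong setter in the second hunk: `factory.setExcludeProtocols(excludedCiphersWithoutTlsRsaExclusion)` writes cipher-suite patterns into the excluded-protocols list, so the `^TLS_RSA_.*$` entry read from `getExcludeCipherSuites()` is never removed from the cipher exclusions and the TLS_RSA suites stay disabled. The call also replaces whatever protocols the factory excluded by default; unless the following `setStringArrayParameter(..., SslContextFactory::setExcludeProtocols)` always overwrites that list (its body is not visible here), legacy protocol versions that Jetty normally excludes may become negotiable on the connector. The line should read `factory.setExcludeCipherSuites(excludedCiphersWithoutTlsRsaExclusion);`. The `java.util.ArrayList` import added in the first hunk is not used in the visible lines, and the enclosing method starts and ends outside the hunk.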