author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-02-18 19:01:36 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-02-18 19:01:40 +0100 |
commit | 8af057dfde3f4c3feedf7f87db1b39810c521117 (patch) | |
tree | 6177ae28e527eb45a4b5637f71621c40daf70ef8 /jrt | |
parent | ddb14fb5ffc9178ded108447f65bd85adc1bb5d8 (diff) |
Disable TLSv1.3 for jrt
Diffstat (limited to 'jrt')
-rw-r--r-- | jrt/src/com/yahoo/jrt/TlsCryptoSocket.java | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
index 56d096347b3..91dbfccb203 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
@@ -49,6 +49,7 @@ public class TlsCryptoSocket implements CryptoSocket {
 private AuthorizationResult authorizationResult;
 public TlsCryptoSocket(SocketChannel channel, SSLEngine sslEngine) {
+ disableTlsv13(sslEngine);
 this.channel = channel;
 this.sslEngine = sslEngine;
 SSLSession nullSession = sslEngine.getSession();
@@ -324,4 +325,12 @@ public class TlsCryptoSocket implements CryptoSocket {
 throw new SSLException("Handshake not completed: handshakeState=" + handshakeState);
 }
+ private static void disableTlsv13(SSLEngine sslEngine) {
+ String[] filteredProtocols = Arrays.stream(sslEngine.getEnabledProtocols())
+ .filter(p -> !p.equals("TLSv1.3"))
+ .toArray(String[]::new);
+ if (filteredProtocols.length == 0) throw new IllegalArgumentException("JRT does not support TLSv1.3");
+ sslEngine.setEnabledProtocols(filteredProtocols);
+ }
+
 } |
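Review bot: The constructor in the first hunk now reconfigures the caller-supplied SSLEngine as a side effect, and nothing at the call site says so or explains why. An engine that arrives with only TLSv1.3 enabled now makes `new TlsCryptoSocket(...)` throw IllegalArgumentException, which is a new failure mode for callers. I would put a comment above the call, for example `// Strip TLSv1.3 from the engine before the first getSession(); throws if no other protocol is enabled`, and mention the exception in the constructor's Javadoc. The constructor body continues outside the hunk.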
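Review bot: `disableTlsv13` in the second hunk is a denylist on the exact string `"TLSv1.3"`, so every other protocol the engine has enabled stays enabled, including versions older than TLSv1.2 if the SSLContext that built the engine allows them. Since the change caps JRT at TLSv1.2 anyway, consider an allowlist (`.filter(p -> p.equals("TLSv1.2"))`) if no deployment depends on older versions, or document that the lower bound is the caller's responsibility. The message `"JRT does not support TLSv1.3"` is raised when nothing is left after filtering; `"No TLS protocol left after disabling TLSv1.3, engine had: " + Arrays.toString(sslEngine.getEnabledProtocols())` would tell an operator what to change. A short comment on the method recording why TLSv1.3 is disabled, and what has to be fixed before it can be re-enabled, would keep this protocol cap from becoming permanent by accident.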