diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-12-19 16:04:48 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-01-06 11:33:59 +0100 |
commit | 6e162af9a091d2ac1c229281c47349e46d6c8239 (patch) | |
tree | 7acb73d5a41283608bd07d96e3db7b8b56f87eca /node-admin | |
parent | 7d839355259eca823da9396c1ed15b43f7c98768 (diff) |
Ensure that HTTPS clients only use allowed ciphers and protocol versions
Diffstat (limited to 'node-admin')
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java index 506ab842cff..61ee612e3de 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java @@ -1,6 +1,7 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.node.admin.configserver; +import ai.vespa.util.http.hc4.SslConnectionSocketFactory; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import com.yahoo.config.provision.HostName; @@ -85,7 +86,7 @@ public class ConfigServerApiImpl implements ConfigServerApi { private ConfigServerApiImpl(Collection<URI> configServers, HostnameVerifier verifier, ServiceIdentityProvider identityProvider) { - this(configServers, createClient(new SSLConnectionSocketFactory(new ServiceIdentitySslSocketFactory(identityProvider), verifier))); + this(configServers, createClient(SslConnectionSocketFactory.of(new ServiceIdentitySslSocketFactory(identityProvider), verifier))); } private ConfigServerApiImpl(Collection<URI> configServers, CloseableHttpClient client) { @@ -94,7 +95,7 @@ public class ConfigServerApiImpl implements ConfigServerApi { } public static ConfigServerApiImpl createForTesting(List<URI> configServerHosts) { - return new ConfigServerApiImpl(configServerHosts, createClient(SSLConnectionSocketFactory.getSocketFactory())); + return new ConfigServerApiImpl(configServerHosts, createClient(SslConnectionSocketFactory.of())); } static ConfigServerApiImpl createForTestingWithClient(List<URI> configServerHosts, |