summaryrefslogtreecommitdiffstats
path: root/node-admin
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@yahooinc.com>2022-12-19 16:04:48 +0100
committerBjørn Christian Seime <bjorncs@yahooinc.com>2023-01-06 11:33:59 +0100
commit6e162af9a091d2ac1c229281c47349e46d6c8239 (patch)
tree7acb73d5a41283608bd07d96e3db7b8b56f87eca /node-admin
parent7d839355259eca823da9396c1ed15b43f7c98768 (diff)
Ensure that HTTPS clients only use allowed ciphers and protocol versions
Diffstat (limited to 'node-admin')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java5
1 files changed, 3 insertions, 2 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java
index 506ab842cff..61ee612e3de 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java
@@ -1,6 +1,7 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.node.admin.configserver;
+import ai.vespa.util.http.hc4.SslConnectionSocketFactory;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.yahoo.config.provision.HostName;
@@ -85,7 +86,7 @@ public class ConfigServerApiImpl implements ConfigServerApi {
private ConfigServerApiImpl(Collection<URI> configServers,
HostnameVerifier verifier,
ServiceIdentityProvider identityProvider) {
- this(configServers, createClient(new SSLConnectionSocketFactory(new ServiceIdentitySslSocketFactory(identityProvider), verifier)));
+ this(configServers, createClient(SslConnectionSocketFactory.of(new ServiceIdentitySslSocketFactory(identityProvider), verifier)));
}
private ConfigServerApiImpl(Collection<URI> configServers, CloseableHttpClient client) {
@@ -94,7 +95,7 @@ public class ConfigServerApiImpl implements ConfigServerApi {
}
public static ConfigServerApiImpl createForTesting(List<URI> configServerHosts) {
- return new ConfigServerApiImpl(configServerHosts, createClient(SSLConnectionSocketFactory.getSocketFactory()));
+ return new ConfigServerApiImpl(configServerHosts, createClient(SslConnectionSocketFactory.of()));
}
static ConfigServerApiImpl createForTestingWithClient(List<URI> configServerHosts,