Ensure that HTTPS clients only use allowed ciphers and protocol versions

author: Bjørn Christian Seime <bjorncs@yahooinc.com> 2022-12-19 16:04:48 +0100
committer: Bjørn Christian Seime <bjorncs@yahooinc.com> 2023-01-09 11:14:56 +0100
commit: 462fd256f43cfa3ed8b3fcff0729dbf459844172 (patch)
tree: 6a20bbe22cc93f0464f1596615d6681bc5104ae1 /node-admin
parent: 0796ad7fd3a85d360df2742a408545703d2c2368 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java
index 506ab842cff..61ee612e3de 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java
@@ -1,6 +1,7 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.node.admin.configserver;
 
+import ai.vespa.util.http.hc4.SslConnectionSocketFactory;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.yahoo.config.provision.HostName;
@@ -85,7 +86,7 @@ public class ConfigServerApiImpl implements ConfigServerApi {
     private ConfigServerApiImpl(Collection<URI> configServers,
                                 HostnameVerifier verifier,
                                 ServiceIdentityProvider identityProvider) {
-        this(configServers, createClient(new SSLConnectionSocketFactory(new ServiceIdentitySslSocketFactory(identityProvider), verifier)));
+        this(configServers, createClient(SslConnectionSocketFactory.of(new ServiceIdentitySslSocketFactory(identityProvider), verifier)));
     }
 
     private ConfigServerApiImpl(Collection<URI> configServers, CloseableHttpClient client) {
@@ -94,7 +95,7 @@ public class ConfigServerApiImpl implements ConfigServerApi {
     }
 
     public static ConfigServerApiImpl createForTesting(List<URI> configServerHosts) {
-        return new ConfigServerApiImpl(configServerHosts, createClient(SSLConnectionSocketFactory.getSocketFactory()));
+        return new ConfigServerApiImpl(configServerHosts, createClient(SslConnectionSocketFactory.of()));
     }
 
     static ConfigServerApiImpl createForTestingWithClient(List<URI> configServerHosts,
author	Bjørn Christian Seime <bjorncs@yahooinc.com>	2022-12-19 16:04:48 +0100
committer	Bjørn Christian Seime <bjorncs@yahooinc.com>	2023-01-09 11:14:56 +0100
commit	462fd256f43cfa3ed8b3fcff0729dbf459844172 (patch)
tree	6a20bbe22cc93f0464f1596615d6681bc5104ae1 /node-admin
parent	0796ad7fd3a85d360df2742a408545703d2c2368 (diff)