Ensure that HTTPS clients only use allowed ciphers and protocol versions

author: Bjørn Christian Seime <bjorncs@yahooinc.com> 2022-12-19 16:04:48 +0100
committer: Bjørn Christian Seime <bjorncs@yahooinc.com> 2023-01-06 11:33:59 +0100
commit: 6e162af9a091d2ac1c229281c47349e46d6c8239 (patch)
tree: 7acb73d5a41283608bd07d96e3db7b8b56f87eca /security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
parent: 7d839355259eca823da9396c1ed15b43f7c98768 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index d91c47e5eed..9b26b79a960 100644
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -1,6 +1,8 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.security;
 
+import com.yahoo.security.tls.TlsContext;
+
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
@@ -129,7 +131,7 @@ public class SslContextBuilder {
 
     public SSLContext build() {
         try {
-            SSLContext sslContext = SSLContext.getInstance("TLS");
+            SSLContext sslContext = SSLContext.getInstance(TlsContext.SSL_CONTEXT_VERSION);
             X509ExtendedTrustManager trustManager = this.trustManager != null
                     ? this.trustManager
                     : trustManagerFactory.createTrustManager(trustStoreSupplier.get());
author	Bjørn Christian Seime <bjorncs@yahooinc.com>	2022-12-19 16:04:48 +0100
committer	Bjørn Christian Seime <bjorncs@yahooinc.com>	2023-01-06 11:33:59 +0100
commit	6e162af9a091d2ac1c229281c47349e46d6c8239 (patch)
tree	7acb73d5a41283608bd07d96e3db7b8b56f87eca /security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
parent	7d839355259eca823da9396c1ed15b43f7c98768 (diff)