authorBjørn Christian Seime <bjorncs@verizonmedia.com>2021-02-24 17:14:08 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2021-02-24 17:14:08 +0100
commit23e018497c07d9a1e8451c3531dc073e93b73617 (patch)
tree5986b3f493cfdd39cf0a595881cc4eb25539fbbb /security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
parent3e0954075fde4f01717c9a9e987231af95812a31 (diff)
Make TLS protocol version configurable in TLS config file
Only protocols listed in the allowlist can be configured. TLSv1.2 is the only supported version at the moment, but TLSv1.3 will most likely be included in the future.
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java17
1 files changed, 15 insertions, 2 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
index 5db6d551193..82c19878dfb 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
@@ -30,6 +30,7 @@ public class TransportSecurityOptions {
private final Path caCertificatesFile;
private final AuthorizedPeers authorizedPeers;
private final List<String> acceptedCiphers;
+ private final List<String> acceptedProtocols;
private final boolean isHostnameValidationDisabled;
private TransportSecurityOptions(Builder builder) {
@@ -38,6 +39,7 @@ public class TransportSecurityOptions {
this.caCertificatesFile = builder.caCertificatesFile;
this.authorizedPeers = builder.authorizedPeers;
this.acceptedCiphers = builder.acceptedCiphers;
+ this.acceptedProtocols = builder.acceptedProtocols;
this.isHostnameValidationDisabled = builder.isHostnameValidationDisabled;
}
@@ -59,6 +61,8 @@ public class TransportSecurityOptions {
public List<String> getAcceptedCiphers() { return acceptedCiphers; }
+ public List<String> getAcceptedProtocols() { return acceptedProtocols; }
+
public boolean isHostnameValidationDisabled() { return isHostnameValidationDisabled; }
public static TransportSecurityOptions fromJsonFile(Path file) {
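Review bot: `getAcceptedProtocols()` on the second line of the hunk has no Javadoc, and nothing in this class says what the builder's default empty list means to the consumer of these options (use the runtime default protocol set, or accept none). Add a one-line Javadoc on the getter stating the meaning of an empty list and that the contents are TLS protocol names, and, since the commit message says only allowlisted protocols may be configured, point to where that allowlist is enforced; that enforcement is not visible in this file. The same note applies to the new `acceptedProtocols` field in the first hunk.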
@@ -95,6 +99,7 @@ public class TransportSecurityOptions {
private AuthorizedPeers authorizedPeers;
private List<String> acceptedCiphers = new ArrayList<>();
private boolean isHostnameValidationDisabled;
+ private List<String> acceptedProtocols = new ArrayList<>();
public Builder() {}
@@ -119,6 +124,11 @@ public class TransportSecurityOptions {
return this;
}
+ public Builder withAcceptedProtocols(List<String> acceptedProtocols) {
+ this.acceptedProtocols = acceptedProtocols;
+ return this;
+ }
+
public Builder withHostnameValidationDisabled(boolean isDisabled) {
this.isHostnameValidationDisabled = isDisabled;
return this;
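Review bot: `withAcceptedProtocols` on the third line of the hunk stores the caller's list by reference, so a later mutation of that list silently changes the accepted-protocol set of an options object that otherwise looks immutable, and the same list is handed back unchanged by `getAcceptedProtocols()`. Because this list feeds the protocol allowlist the commit describes, copy it on the way in and reject null: `this.acceptedProtocols = new ArrayList<>(Objects.requireNonNull(acceptedProtocols, "acceptedProtocols"));` (both `ArrayList` and `Objects` are already used in this file); `List.copyOf` is the tighter choice if the project's Java level allows it. `withAcceptedCiphers` sits above the hunk and is not visible; if it already copies, match that style, and if it does not, it has the same issue.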
@@ -137,6 +147,7 @@ public class TransportSecurityOptions {
", caCertificatesFile=" + caCertificatesFile +
", authorizedPeers=" + authorizedPeers +
", acceptedCiphers=" + acceptedCiphers +
+ ", acceptedProtocols=" + acceptedProtocols +
", isHostnameValidationDisabled=" + isHostnameValidationDisabled +
'}';
}
@@ -151,11 +162,13 @@ public class TransportSecurityOptions {
Objects.equals(certificatesFile, that.certificatesFile) &&
Objects.equals(caCertificatesFile, that.caCertificatesFile) &&
Objects.equals(authorizedPeers, that.authorizedPeers) &&
- Objects.equals(acceptedCiphers, that.acceptedCiphers);
+ Objects.equals(acceptedCiphers, that.acceptedCiphers) &&
+ Objects.equals(acceptedProtocols, that.acceptedProtocols);
}
@Override
public int hashCode() {
- return Objects.hash(privateKeyFile, certificatesFile, caCertificatesFile, authorizedPeers, acceptedCiphers, isHostnameValidationDisabled);
+ return Objects.hash(privateKeyFile, certificatesFile, caCertificatesFile, authorizedPeers, acceptedCiphers,
+ acceptedProtocols, isHostnameValidationDisabled);
}
} \ No newline at end of file
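Review bot: The rebuilt `hashCode()` folds in `isHostnameValidationDisabled`, while the visible tail of `equals()` compares only the file paths, peers, ciphers and now protocols; if the part of `equals()` above the hunk does not compare that flag as well, two options differing only in it are equal yet hash differently, which breaks the equals/hashCode contract. The start of `equals()` lies outside the hunk, so this may already be handled there; if not, add `isHostnameValidationDisabled == that.isHostnameValidationDisabled &&` to the chain. The file also still ends without a trailing newline.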