authorAndreas Eriksen <andreer@yahooinc.com>2023-01-06 17:16:35 +0100
committerGitHub <noreply@github.com>2023-01-06 17:16:35 +0100
commit4bb0999694a314b8daebe179db39c1fe48cca21d (patch)
treeb5e59f7141c7b38c9cce3dfb4662859c546ca8d7 /security-utils
parent58889b4e6d3f220c1c52907f37a57fc5c4e53060 (diff)
Revert "Ensure that HTTPS clients only use allowed ciphers and protocol versions" (#25436)
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java4
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java23
2 files changed, 2 insertions, 25 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index 9b26b79a960..d91c47e5eed 100644
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -1,8 +1,6 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.security;
-import com.yahoo.security.tls.TlsContext;
-
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
@@ -131,7 +129,7 @@ public class SslContextBuilder {
public SSLContext build() {
try {
- SSLContext sslContext = SSLContext.getInstance(TlsContext.SSL_CONTEXT_VERSION);
+ SSLContext sslContext = SSLContext.getInstance("TLS");
X509ExtendedTrustManager trustManager = this.trustManager != null
? this.trustManager
: trustManagerFactory.createTrustManager(trustStoreSupplier.get());
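Review bot: The changed line hard-codes `SSLContext.getInstance("TLS")` while this same commit sets `TlsContext.SSL_CONTEXT_VERSION` to the same "TLS" value, so the two can drift apart silently; referencing the constant (or a local one) would keep a single source of truth. A context obtained with "TLS" is not pinned to one protocol version: the versions it enables by default are whatever the JDK permits, which may include more than `TlsContext.ALLOWED_PROTOCOLS` lists, so nothing on the new side restricts the built context by itself. A Javadoc on `build()` would make that contract explicit, e.g. `/** Builds an SSLContext for the TLS versions the JDK supports; callers must still restrict protocols and cipher suites via TlsContext.getAllowedProtocols(SSLContext)/getAllowedCipherSuites(SSLContext) when configuring engines or sockets. */`. The body of `build()` continues past the end of this hunk.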
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
index 8e146f36907..b222c8664cc 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
@@ -4,8 +4,6 @@ package com.yahoo.security.tls;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
@@ -41,12 +39,7 @@ public interface TlsContext extends AutoCloseable {
// TODO Enable TLSv1.3 after upgrading to JDK 17
Set<String> ALLOWED_PROTOCOLS = Collections.singleton("TLSv1.2");
-
- /**
- * {@link SSLContext} protocol name that supports at least oldest protocol listed in {@link #ALLOWED_PROTOCOLS}
- * @see SSLContext#getInstance(String)
- */
- String SSL_CONTEXT_VERSION = "TLSv1.2";
+ String SSL_CONTEXT_VERSION = "TLS"; // Use SSLContext implementations that supports all TLS versions
/**
* @return the allowed cipher suites supported by the provided context instance
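Review bot: The inline comment on the new `SSL_CONTEXT_VERSION` line reads `supports` where `support` is meant, and it drops the removed Javadoc's description of how this constant relates to `ALLOWED_PROTOCOLS`. That relationship is now the non-obvious part: `ALLOWED_PROTOCOLS` still lists only "TLSv1.2" (with the TODO above deferring TLSv1.3), while a "TLS" context may enable additional versions by default on JDKs that ship them enabled, so the allowed set must be applied separately. Restoring a Javadoc such as `/** {@link SSLContext} protocol name for {@link SSLContext#getInstance(String)}; the resulting context may enable protocols outside {@link #ALLOWED_PROTOCOLS}, which callers must still apply via {@link #getAllowedProtocols(SSLContext)}. */` would keep that visible to users of the constant.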
@@ -65,8 +58,6 @@ public interface TlsContext extends AutoCloseable {
return enabledCiphers;
}
- static Set<String> getAllowedCipherSuites() { return getAllowedCipherSuites(defaultSslContext()); }
-
/**
* @return the allowed protocols supported by the provided context instance
*/
@@ -83,18 +74,6 @@ public interface TlsContext extends AutoCloseable {
return enabledProtocols;
}
- static Set<String> getAllowedProtocols() { return getAllowedProtocols(defaultSslContext()); }
-
- /** @return Default {@link SSLContext} instance without certificate and using JDK's default trust store */
- static SSLContext defaultSslContext() {
- try {
- var ctx = SSLContext.getInstance(SSL_CONTEXT_VERSION);
- ctx.init(null, null, null);
- return ctx;
- } catch (NoSuchAlgorithmException e) { throw new IllegalArgumentException(e);
- } catch (KeyManagementException e) { throw new IllegalStateException(e); }
- }
-
SSLContext context();
SSLParameters parameters();