authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-10-03 16:08:38 +0200
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-10-03 16:10:35 +0200
commita67d55136f07974d7258d8918dc4fbeb0901322e (patch)
treec0a700caeef53ff2fcb39d466fb99f62fbbc8e6d /security-utils
parent32eb834cb08a7646e295794010ef483ad354bc42 (diff)
Enable TLSv1.3 for servers/clients based on TlsContext
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java2
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java2
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java2
3 files changed, 3 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
index ea26be0ef4f..e878ac33467 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
@@ -24,7 +24,7 @@ public interface TlsContext extends AutoCloseable {
"TLS_AES_256_GCM_SHA384", // TLSv1.3
"TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3
- Set<String> ALLOWED_PROTOCOLS = Set.of("TLSv1.2"); // TODO Enable TLSv1.3
+ Set<String> ALLOWED_PROTOCOLS = Set.of("TLSv1.2", "TLSv1.3");
SSLContext context();
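Review bot: `ALLOWED_PROTOCOLS` now lists "TLSv1.3" unconditionally, and nothing in this hunk shows whether the code that consumes the set first intersects it with the protocols the running JVM's provider supports. If a consumer passes the set directly to `SSLParameters.setProtocols(...)` or `SSLEngine.setEnabledProtocols(...)`, a runtime without TLSv1.3 would likely reject the whole configuration rather than fall back to TLSv1.2. The removed TODO was the only comment on this constant, so I would replace it with one stating the contract, for example `// Upper bound only: consumers must intersect with the JVM's supported protocols before enabling`. The interface body continues outside the hunk, so the consumers need checking there.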
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java
index 4e6f0a141b0..a62f13c731e 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java
@@ -63,7 +63,7 @@ public class ConfigFileBasedTlsContextTest {
assertThat(enabledCiphers).isSubsetOf(TlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0]));
String[] enabledProtocols = sslEngine.getEnabledProtocols();
- assertThat(enabledProtocols).contains("TLSv1.2");
+ assertThat(enabledProtocols).containsOnly(TlsContext.ALLOWED_PROTOCOLS.toArray(new String[0]));
}
}
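Review bot: `containsOnly(TlsContext.ALLOWED_PROTOCOLS.toArray(new String[0]))` requires every allowed protocol to be enabled on the engine, so the test fails on any JVM whose provider lacks TLSv1.3, even if the context correctly falls back to TLSv1.2. The security-relevant half of the check, that no protocol outside the allow-list is enabled, is kept by mirroring the cipher assertion one line above: `assertThat(enabledProtocols).isNotEmpty().isSubsetOf(TlsContext.ALLOWED_PROTOCOLS.toArray(new String[0]));`. If the build is pinned to a TLSv1.3-capable JDK and exact equality is intended, a short comment saying so would help. The same assertion is added in the DefaultTlsContextTest hunk below, and both test methods start outside their hunks.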
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
index 727a64ae934..3a2eabd78b5 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -55,7 +55,7 @@ public class DefaultTlsContextTest {
assertThat(enabledCiphers).isSubsetOf(TlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0]));
String[] enabledProtocols = sslEngine.getEnabledProtocols();
- assertThat(enabledProtocols).contains("TLSv1.2");
+ assertThat(enabledProtocols).containsOnly(TlsContext.ALLOWED_PROTOCOLS.toArray(new String[0]));
}
} \ No newline at end of file