Use TLS 1.2 only

author: Jon Marius Venstad <venstad@gmail.com> 2020-03-19 09:20:21 +0100
committer: Jon Marius Venstad <venstad@gmail.com> 2020-03-19 09:20:21 +0100
commit: 8c273c64d909c9cf13614c47d2e18eb3cc7bc9ba (patch)
tree: eaa60b8163f730068e0531672d34e53daaa6c001 /tenant-cd
parent: fe77d0d999c9f1f2b1188894ae8bbe1d4de91834 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java b/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java
index 1a160663d43..74eb765dd0b 100644
--- a/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java
+++ b/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java
@@ -4,6 +4,7 @@ package ai.vespa.hosted.cd.http;
 import ai.vespa.hosted.api.EndpointAuthenticator;
 import ai.vespa.hosted.cd.Endpoint;
 
+import javax.net.ssl.SSLParameters;
 import java.io.IOException;
 import java.net.URI;
 import java.net.http.HttpClient;
@@ -31,10 +32,13 @@ public class HttpEndpoint implements Endpoint {
     public HttpEndpoint(URI endpoint, EndpointAuthenticator authenticator) {
         this.endpoint = requireNonNull(endpoint);
         this.authenticator = requireNonNull(authenticator);
+        SSLParameters sslParameters = new SSLParameters();
+        sslParameters.setProtocols(new String[] {"TLSv1.2" });
         this.client = HttpClient.newBuilder()
                                 .sslContext(authenticator.sslContext())
                                 .connectTimeout(Duration.ofSeconds(5))
                                 .version(HttpClient.Version.HTTP_1_1)
+                                .sslParameters(sslParameters)
                                 .build();
     }
author	Jon Marius Venstad <venstad@gmail.com>	2020-03-19 09:20:21 +0100
committer	Jon Marius Venstad <venstad@gmail.com>	2020-03-19 09:20:21 +0100
commit	8c273c64d909c9cf13614c47d2e18eb3cc7bc9ba (patch)
tree	eaa60b8163f730068e0531672d34e53daaa6c001 /tenant-cd
parent	fe77d0d999c9f1f2b1188894ae8bbe1d4de91834 (diff)