authorBjørn Christian Seime <bjorncs@yahooinc.com>2022-12-19 16:04:48 +0100
committerBjørn Christian Seime <bjorncs@yahooinc.com>2023-01-09 11:14:56 +0100
commit462fd256f43cfa3ed8b3fcff0729dbf459844172 (patch)
tree6a20bbe22cc93f0464f1596615d6681bc5104ae1 /vespa-athenz
parent0796ad7fd3a85d360df2742a408545703d2c2368 (diff)
Ensure that HTTPS clients only use allowed ciphers and protocol versions
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/pom.xml6
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/common/ClientBase.java4
2 files changed, 8 insertions, 2 deletions
diff --git a/vespa-athenz/pom.xml b/vespa-athenz/pom.xml
index f1e6738bdb9..8a649154960 100644
--- a/vespa-athenz/pom.xml
+++ b/vespa-athenz/pom.xml
@@ -121,6 +121,12 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>com.yahoo.vespa</groupId>
+ <artifactId>http-utils</artifactId>
+ <version>${project.version}</version>
+ <scope>compile</scope>
+ </dependency>
<dependency> <!-- needed by auth-core -->
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/common/ClientBase.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/common/ClientBase.java
index a49ea166f2d..f9b422774b4 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/common/ClientBase.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/common/ClientBase.java
@@ -1,6 +1,7 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.athenz.client.common;
+import ai.vespa.util.http.hc4.SslConnectionSocketFactory;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -12,7 +13,6 @@ import org.apache.http.HttpResponse;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpUriRequest;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
@@ -103,7 +103,7 @@ public abstract class ClientBase implements AutoCloseable {
return HttpClientBuilder.create()
.setRetryHandler(new DefaultHttpRequestRetryHandler(3, /*requestSentRetryEnabled*/true))
.setUserAgent(userAgent)
- .setSSLSocketFactory(new SSLConnectionSocketFactory(new ServiceIdentitySslSocketFactory(sslContextSupplier), hostnameVerifier))
+ .setSSLSocketFactory(SslConnectionSocketFactory.of(new ServiceIdentitySslSocketFactory(sslContextSupplier), hostnameVerifier))
.setMaxConnPerRoute(8)
.setDefaultRequestConfig(RequestConfig.custom()
.setConnectTimeout((int) Duration.ofSeconds(10).toMillis())
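Review bot: On the changed `.setSSLSocketFactory(...)` line, the new `SslConnectionSocketFactory` differs from the Apache `SSLConnectionSocketFactory` it replaces only by letter case, so the hardening is easy to miss in review and easy to undo in a later refactor. A comment on that line would make the intent explicit, for example `// ai.vespa.util.http.hc4 wrapper, not Apache's SSLConnectionSocketFactory: limits TLS versions and cipher suites to the allowed set`. The restriction itself lives in `http-utils` and is not visible in this diff, so presumably `of(...)` applies it to sockets produced by `ServiceIdentitySslSocketFactory`. A unit test that asserts the enabled protocols and cipher suites on a socket created through this client would pin that behaviour. The enclosing method starts and ends outside the hunk.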