Revert "Ensure that HTTPS clients only use allowed ciphers and protocol versions" (#25436)

author: Andreas Eriksen <andreer@yahooinc.com> 2023-01-06 17:16:35 +0100
committer: GitHub <noreply@github.com> 2023-01-06 17:16:35 +0100
commit: 4bb0999694a314b8daebe179db39c1fe48cca21d (patch)
tree: b5e59f7141c7b38c9cce3dfb4662859c546ca8d7 /vespa-feed-client
parent: 58889b4e6d3f220c1c52907f37a57fc5c4e53060 (diff)
2 files changed, 6 insertions, 5 deletions
diff --git a/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java b/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java
index 1855b657a75..2ca4577abe6 100644
--- a/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java
+++ b/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java
@@ -85,7 +85,7 @@ class SslContextBuilder {
             } else if (hasCaCertificateInstance()) {
                 addCaCertificates(keystore, caCertificates);
             }
-            SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); // Protocol version must match TlsContext.SSL_CONTEXT_VERSION
+            SSLContext sslContext = SSLContext.getInstance("TLS");
             sslContext.init(
                     createKeyManagers(keystore).orElse(null),
                     createTrustManagers(keystore).orElse(null),
diff --git a/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java b/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java
index 95952d37c3c..f7c1b4d2b03 100644
--- a/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java
+++ b/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java
@@ -30,6 +30,7 @@ import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Date;
 
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 /**
@@ -57,13 +58,13 @@ class SslContextBuilderTest {
                         .withCaCertificates(certificateFile)
                         .withCertificateAndKey(certificateFile, privateKeyFile)
                         .build());
-        assertEquals("TLSv1.2", sslContext.getProtocol());
+        assertEquals("TLS", sslContext.getProtocol());
     }
 
     @Test
     void successfully_constructs_sslcontext_when_no_builder_parameter_given() {
         SSLContext sslContext = Assertions.assertDoesNotThrow(() -> new SslContextBuilder().build());
-        assertEquals("TLSv1.2", sslContext.getProtocol());
+        assertEquals("TLS", sslContext.getProtocol());
     }
 
     @Test
@@ -72,7 +73,7 @@ class SslContextBuilderTest {
                 new SslContextBuilder()
                         .withCertificateAndKey(certificateFile, privateKeyFile)
                         .build());
-        assertEquals("TLSv1.2", sslContext.getProtocol());
+        assertEquals("TLS", sslContext.getProtocol());
     }
 
     @Test
@@ -81,7 +82,7 @@ class SslContextBuilderTest {
                 new SslContextBuilder()
                         .withCaCertificates(certificateFile)
                         .build());
-        assertEquals("TLSv1.2", sslContext.getProtocol());
+        assertEquals("TLS", sslContext.getProtocol());
     }
 
     private static void writePem(Path file, String type, byte[] asn1DerEncodedObject) throws IOException {
author	Andreas Eriksen <andreer@yahooinc.com>	2023-01-06 17:16:35 +0100
committer	GitHub <noreply@github.com>	2023-01-06 17:16:35 +0100
commit	4bb0999694a314b8daebe179db39c1fe48cca21d (patch)
tree	b5e59f7141c7b38c9cce3dfb4662859c546ca8d7 /vespa-feed-client
parent	58889b4e6d3f220c1c52907f37a57fc5c4e53060 (diff)