Merge pull request #25457 from vespa-engine/bjorncs/semgrep

Bjorncs/semgrep
author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2023-01-09 14:30:34 +0100
committer: GitHub <noreply@github.com> 2023-01-09 14:30:34 +0100
commit: fec888a941770cad8cd79db5b1694ad7c0fa0960 (patch)
tree: 1e09b190c62b9d48584a99cc9e277825e75e481e /vespa-feed-client
parent: 3fe64417b5c48f81543a23750cbf5caff8e45304 (diff)
parent: 2c3dbf36ce449a7ebdc59ff0102e9f79e508780e (diff)
2 files changed, 5 insertions, 6 deletions
diff --git a/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java b/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java
index 2ca4577abe6..1855b657a75 100644
--- a/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java
+++ b/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java
@@ -85,7 +85,7 @@ class SslContextBuilder {
             } else if (hasCaCertificateInstance()) {
                 addCaCertificates(keystore, caCertificates);
             }
-            SSLContext sslContext = SSLContext.getInstance("TLS");
+            SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); // Protocol version must match TlsContext.SSL_CONTEXT_VERSION
             sslContext.init(
                     createKeyManagers(keystore).orElse(null),
                     createTrustManagers(keystore).orElse(null),
diff --git a/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java b/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java
index f7c1b4d2b03..95952d37c3c 100644
--- a/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java
+++ b/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java
@@ -30,7 +30,6 @@ import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Date;
 
-import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 /**
@@ -58,13 +57,13 @@ class SslContextBuilderTest {
                         .withCaCertificates(certificateFile)
                         .withCertificateAndKey(certificateFile, privateKeyFile)
                         .build());
-        assertEquals("TLS", sslContext.getProtocol());
+        assertEquals("TLSv1.2", sslContext.getProtocol());
     }
 
     @Test
     void successfully_constructs_sslcontext_when_no_builder_parameter_given() {
         SSLContext sslContext = Assertions.assertDoesNotThrow(() -> new SslContextBuilder().build());
-        assertEquals("TLS", sslContext.getProtocol());
+        assertEquals("TLSv1.2", sslContext.getProtocol());
     }
 
     @Test
@@ -73,7 +72,7 @@ class SslContextBuilderTest {
                 new SslContextBuilder()
                         .withCertificateAndKey(certificateFile, privateKeyFile)
                         .build());
-        assertEquals("TLS", sslContext.getProtocol());
+        assertEquals("TLSv1.2", sslContext.getProtocol());
     }
 
     @Test
@@ -82,7 +81,7 @@ class SslContextBuilderTest {
                 new SslContextBuilder()
                         .withCaCertificates(certificateFile)
                         .build());
-        assertEquals("TLS", sslContext.getProtocol());
+        assertEquals("TLSv1.2", sslContext.getProtocol());
     }
 
     private static void writePem(Path file, String type, byte[] asn1DerEncodedObject) throws IOException {
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2023-01-09 14:30:34 +0100
committer	GitHub <noreply@github.com>	2023-01-09 14:30:34 +0100
commit	fec888a941770cad8cd79db5b1694ad7c0fa0960 (patch)
tree	1e09b190c62b9d48584a99cc9e277825e75e481e /vespa-feed-client
parent	3fe64417b5c48f81543a23750cbf5caff8e45304 (diff)
parent	2c3dbf36ce449a7ebdc59ff0102e9f79e508780e (diff)