diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-07-12 16:13:40 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-07-12 17:00:38 +0200 |
commit | 681414100e1aac65e16090c789405e69b26ebb3b (patch) | |
tree | 775923c4737beacc375644be36007318509de29a /vespa-feed-client | |
parent | 34adcbec812c4994ba5fe0b14e441613f473d99a (diff) |
Allow TLSv1.3
Diffstat (limited to 'vespa-feed-client')
-rw-r--r-- | vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java | 3 | ||||
-rw-r--r-- | vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java | 8 |
2 files changed, 6 insertions, 5 deletions
diff --git a/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java b/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java index 1855b657a75..85144ae3e8c 100644 --- a/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java +++ b/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java @@ -85,7 +85,8 @@ class SslContextBuilder { } else if (hasCaCertificateInstance()) { addCaCertificates(keystore, caCertificates); } - SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); // Protocol version must match TlsContext.SSL_CONTEXT_VERSION + // Protocol version must be equal to TlsContext.SSL_CONTEXT_VERSION or higher + SSLContext sslContext = SSLContext.getInstance("TLSv1.3"); sslContext.init( createKeyManagers(keystore).orElse(null), createTrustManagers(keystore).orElse(null), diff --git a/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java b/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java index 95952d37c3c..bddb8857dc3 100644 --- a/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java +++ b/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java @@ -57,13 +57,13 @@ class SslContextBuilderTest { .withCaCertificates(certificateFile) .withCertificateAndKey(certificateFile, privateKeyFile) .build()); - assertEquals("TLSv1.2", sslContext.getProtocol()); + assertEquals("TLSv1.3", sslContext.getProtocol()); } @Test void successfully_constructs_sslcontext_when_no_builder_parameter_given() { SSLContext sslContext = Assertions.assertDoesNotThrow(() -> new SslContextBuilder().build()); - assertEquals("TLSv1.2", sslContext.getProtocol()); + assertEquals("TLSv1.3", sslContext.getProtocol()); } @Test @@ -72,7 +72,7 @@ class SslContextBuilderTest { new SslContextBuilder() .withCertificateAndKey(certificateFile, privateKeyFile) .build()); - assertEquals("TLSv1.2", sslContext.getProtocol()); + assertEquals("TLSv1.3", sslContext.getProtocol()); } @Test @@ -81,7 +81,7 @@ class SslContextBuilderTest { new SslContextBuilder() .withCaCertificates(certificateFile) .build()); - assertEquals("TLSv1.2", sslContext.getProtocol()); + assertEquals("TLSv1.3", sslContext.getProtocol()); } private static void writePem(Path file, String type, byte[] asn1DerEncodedObject) throws IOException { |