Configure set of valid ciphers

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-07-18 13:43:46 +0200
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-07-18 13:54:33 +0200
commit: 7227055f335405e0cbb53289da6749c1b358df4e (patch)
tree: 177b3a2b298c3ac19764c7d393b908e9c254802e /vespaclient
parent: 3361a658f9e65c0ea7a2870e1c55a3025bdda023 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/vespaclient/src/perl/lib/Yahoo/Vespa/Http.pm b/vespaclient/src/perl/lib/Yahoo/Vespa/Http.pm
index f0941b179d4..1e98c26cd68 100644
--- a/vespaclient/src/perl/lib/Yahoo/Vespa/Http.pm
+++ b/vespaclient/src/perl/lib/Yahoo/Vespa/Http.pm
@@ -97,6 +97,10 @@ sub setHttpExecutor { # (Function)
 sub initialize { # ()
     %LEGAL_TYPES = map { $_ => 1 } ( 'GET', 'POST', 'PUT', 'DELETE');
     $BROWSER = LWP::UserAgent->new;
+    my $tls_enabled = $ENV{'VESPA_TLS_ENABLED'};
+    if (defined $tls_enabled and $tls_enabled eq '1') {
+        $BROWSER->ssl_opts( SSL_cipher_list => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256' );
+    }
     if (defined $ENV{'VESPA_TLS_CA_CERT'}) {
         $BROWSER->ssl_opts( SSL_ca_file => $ENV{'VESPA_TLS_CA_CERT'} );
     }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-07-18 13:43:46 +0200
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-07-18 13:54:33 +0200
commit	7227055f335405e0cbb53289da6749c1b358df4e (patch)
tree	177b3a2b298c3ac19764c7d393b908e9c254802e /vespaclient
parent	3361a658f9e65c0ea7a2870e1c55a3025bdda023 (diff)