summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--jrt/tests/com/yahoo/jrt/CryptoUtils.java2
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java13
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java15
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java2
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java2
5 files changed, 18 insertions, 16 deletions
diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
index 6890fe88da5..ead9918a9c7 100644
--- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java
+++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
@@ -48,7 +48,7 @@ class CryptoUtils {
Field.CN, new HostGlobPattern("dummy"))))));
static TlsContext createTestTlsContext() {
- return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE, DefaultTlsContext.ALLOWED_CIPHER_SUITES);
+ return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE, TlsContext.ALLOWED_CIPHER_SUITES);
}
}
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index e74ad49b2f5..3c583bb8aaa 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -23,19 +23,6 @@ import java.util.logging.Logger;
*/
public class DefaultTlsContext implements TlsContext {
- public static final List<String> ALLOWED_CIPHER_SUITES = Arrays.asList(
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
- "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
- "TLS_AES_128_GCM_SHA256", // TLSv1.3
- "TLS_AES_256_GCM_SHA384", // TLSv1.3
- "TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3
-
- public static final List<String> ALLOWED_PROTOCOLS = List.of("TLSv1.2"); // TODO Enable TLSv1.3
-
private static final Logger log = Logger.getLogger(DefaultTlsContext.class.getName());
private final SSLContext sslContext;
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
index b315dd00b31..253331ee9c6 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
@@ -4,6 +4,8 @@ package com.yahoo.security.tls;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
+import java.util.Arrays;
+import java.util.List;
/**
* A simplified version of {@link SSLContext} modelled as an interface.
@@ -12,6 +14,19 @@ import javax.net.ssl.SSLParameters;
*/
public interface TlsContext extends AutoCloseable {
+ List<String> ALLOWED_CIPHER_SUITES = Arrays.asList(
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_AES_128_GCM_SHA256", // TLSv1.3
+ "TLS_AES_256_GCM_SHA384", // TLSv1.3
+ "TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3
+
+ List<String> ALLOWED_PROTOCOLS = List.of("TLSv1.2"); // TODO Enable TLSv1.3
+
SSLContext context();
SSLParameters parameters();
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
index 5969d4d2ace..dd36b10f86f 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -53,7 +53,7 @@ public class DefaultTlsContextTest {
assertThat(sslEngine).isNotNull();
String[] enabledCiphers = sslEngine.getEnabledCipherSuites();
assertThat(enabledCiphers).isNotEmpty();
- assertThat(enabledCiphers).isSubsetOf(DefaultTlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0]));
+ assertThat(enabledCiphers).isSubsetOf(TlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0]));
String[] enabledProtocols = sslEngine.getEnabledProtocols();
assertThat(enabledProtocols).contains("TLSv1.2");
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java
index f991f86fdce..bcdb0793348 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java
@@ -60,7 +60,7 @@ public class ReloadingTlsContextTest {
assertThat(sslEngine).isNotNull();
String[] enabledCiphers = sslEngine.getEnabledCipherSuites();
assertThat(enabledCiphers).isNotEmpty();
- assertThat(enabledCiphers).isSubsetOf(DefaultTlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0]));
+ assertThat(enabledCiphers).isSubsetOf(TlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0]));
String[] enabledProtocols = sslEngine.getEnabledProtocols();
assertThat(enabledProtocols).contains("TLSv1.2");