-rw-r--r-- | jrt/src/com/yahoo/jrt/TlsCryptoSocket.java | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
index 56d096347b3..91dbfccb203 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
@@ -49,6 +49,7 @@ public class TlsCryptoSocket implements CryptoSocket {
 private AuthorizationResult authorizationResult;
 public TlsCryptoSocket(SocketChannel channel, SSLEngine sslEngine) {
+ disableTlsv13(sslEngine);
 this.channel = channel;
 this.sslEngine = sslEngine;
 SSLSession nullSession = sslEngine.getSession();
@@ -324,4 +325,12 @@ public class TlsCryptoSocket implements CryptoSocket {
 throw new SSLException("Handshake not completed: handshakeState=" + handshakeState);
 }
+ private static void disableTlsv13(SSLEngine sslEngine) {
+ String[] filteredProtocols = Arrays.stream(sslEngine.getEnabledProtocols())
+ .filter(p -> !p.equals("TLSv1.3"))
+ .toArray(String[]::new);
+ if (filteredProtocols.length == 0) throw new IllegalArgumentException("JRT does not support TLSv1.3");
+ sslEngine.setEnabledProtocols(filteredProtocols);
+ }
+
 } |
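Review bot: The new first statement of the constructor, `disableTlsv13(sslEngine);`, rewrites the enabled-protocol list of an SSLEngine that the caller created and still holds, and it can now make the constructor throw IllegalArgumentException; neither effect is visible at the call site. A one-line comment above the call would make that explicit, for example `// Narrows the caller's engine in place: TLSv1.3 is removed before the handshake starts`. It is also worth confirming that every caller passes an engine whose handshake has not begun, since a protocol list changed after that point presumably does not affect the handshake in progress. The constructor body continues outside the hunk.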
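Review bot: `disableTlsv13` is a denylist: the `.filter(p -> !p.equals("TLSv1.3"))` line removes one exact name and re-enables everything else the engine already had, so an engine that arrives with older protocol versions enabled keeps them, and nothing records that the connection was capped below TLSv1.3. If the intent is that JRT speaks TLSv1.2 only, an allowlist states that directly, e.g. `.filter(p -> p.equals("TLSv1.2"))`; otherwise a comment should say that the minimum version is the responsibility of whoever builds the engine. The method also has no comment explaining why TLSv1.3 is unsupported or when the restriction can be lifted; something like `// TODO(<tracking issue>): remove once the JRT handshake handles TLSv1.3` would keep the downgrade from becoming permanent by accident. The exception text `"JRT does not support TLSv1.3"` would be easier to act on if it also said that no other protocol was enabled on the engine.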