-rw-r--r--jrt/src/com/yahoo/jrt/TlsCryptoSocket.java9
1 files changed, 9 insertions, 0 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
index 56d096347b3..91dbfccb203 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
@@ -49,6 +49,7 @@ public class TlsCryptoSocket implements CryptoSocket {
private AuthorizationResult authorizationResult;
public TlsCryptoSocket(SocketChannel channel, SSLEngine sslEngine) {
+ disableTlsv13(sslEngine);
this.channel = channel;
this.sslEngine = sslEngine;
SSLSession nullSession = sslEngine.getSession();
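Review bot: The constructor now changes the enabled protocols of the caller-supplied `SSLEngine` and can throw `IllegalArgumentException`, but nothing on the constructor says so. A caller that configured the engine elsewhere gets a different protocol set than it asked for, which matters when auditing what a deployment actually negotiates. I would add Javadoc on the constructor along the lines of `@throws IllegalArgumentException if TLSv1.3 is the only protocol enabled on sslEngine`, plus one sentence stating that TLSv1.3 is removed from the engine's enabled protocols. The constructor body continues outside this hunk.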
@@ -324,4 +325,12 @@ public class TlsCryptoSocket implements CryptoSocket {
throw new SSLException("Handshake not completed: handshakeState=" + handshakeState);
}
+ private static void disableTlsv13(SSLEngine sslEngine) {
+ String[] filteredProtocols = Arrays.stream(sslEngine.getEnabledProtocols())
+ .filter(p -> !p.equals("TLSv1.3"))
+ .toArray(String[]::new);
+ if (filteredProtocols.length == 0) throw new IllegalArgumentException("JRT does not support TLSv1.3");
+ sslEngine.setEnabledProtocols(filteredProtocols);
+ }
+
}
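Review bot: In `disableTlsv13` the only guard after filtering is `filteredProtocols.length == 0`, so whatever else was enabled is kept as-is. An engine configured with TLSv1.3 plus an older version would end up offering only the older version, with no log line or error. If TLSv1.2 is the intended floor, check for it explicitly, e.g. `if (!Arrays.asList(filteredProtocols).contains("TLSv1.2")) throw new IllegalArgumentException("JRT requires TLSv1.2, enabled: " + Arrays.toString(sslEngine.getEnabledProtocols()));`. The method also lacks a comment saying why TLSv1.3 is excluded and when the filter can be removed; the diff does not state the reason, so the author should record it here.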