Diffstat (limited to 'http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java')
-rw-r--r-- | http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java b/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java
index a33c4c119c2..52f7ad9b56b 100644
--- a/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java
+++ b/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java
@@ -12,6 +12,7 @@ import org.apache.hc.core5.http.config.Registry;
 import org.apache.hc.core5.http.config.RegistryBuilder;
 import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLParameters;
 import static com.yahoo.security.tls.MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER;
 import static com.yahoo.security.tls.TransportSecurityUtils.getInsecureMixedMode;
@@ -64,7 +65,11 @@ public class VespaHttpClientBuilder {
 private static void addSslSocketFactory(HttpClientBuilder builder, HttpClientConnectionManagerFactory connectionManagerFactory, HostnameVerifier hostnameVerifier) {
 getSystemTlsContext().ifPresent(tlsContext -> {
- SSLConnectionSocketFactory socketFactory = SslConnectionSocketFactory.of(tlsContext, hostnameVerifier);
+ SSLParameters parameters = tlsContext.parameters();
+ SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(tlsContext.context(),
+ parameters.getProtocols(),
+ parameters.getCipherSuites(),
+ hostnameVerifier);
 builder.setConnectionManager(connectionManagerFactory.create(createRegistry(socketFactory)));
 // Workaround that allows re-using https connections, see https://stackoverflow.com/a/42112034/1615280 for details.
 // Proper solution would be to add a request interceptor that adds a x500 principal as user token, |
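Review bot: The new `SSLConnectionSocketFactory` construction in `addSslSocketFactory` copies only `getProtocols()` and `getCipherSuites()` out of `tlsContext.parameters()`, so any other setting on that `SSLParameters` object (an endpoint identification algorithm, for instance) is not applied to sockets from this factory, and peer-name checking rests entirely on the `hostnameVerifier` argument. Both getters return null when the value was never set, and the HttpClient factory appears to treat a null array as "use the library defaults" rather than the configured allowlist; whether `tlsContext.parameters()` can leave them unset is not visible in this hunk. I would add a comment above the constructor call such as `// Only protocols and cipher suites are taken from the TLS context; hostname verification is left to hostnameVerifier`, and, if the context guarantees both arrays, state that with `Objects.requireNonNull(parameters.getProtocols(), "protocols")` and the same for the cipher suites. The lambda and the method body continue past the end of the hunk.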