Diffstat (limited to 'jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java22
1 files changed, 8 insertions, 14 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index 6e3b6a65c51..8a829d33c1b 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -24,6 +24,7 @@ import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import java.nio.channels.ServerSocketChannel;
+import java.util.Arrays;
import java.util.List;
import java.util.function.BiConsumer;
import java.util.function.Function;
@@ -65,25 +66,11 @@ public class ConnectorFactory {
connector.setName(connectorConfig.name());
connector.setAcceptQueueSize(connectorConfig.acceptQueueSize());
connector.setReuseAddress(connectorConfig.reuseAddress());
- double soLingerTimeSeconds = connectorConfig.soLingerTime();
- if (soLingerTimeSeconds == -1) {
- setSoLingerTime(connector, -1);
- } else {
- setSoLingerTime(connector, (int)(soLingerTimeSeconds * 1000.0));
- }
connector.setIdleTimeout((long)(connectorConfig.idleTimeout() * 1000.0));
connector.setStopTimeout((long)(connectorConfig.stopTimeout() * 1000.0));
return connector;
}
- @SuppressWarnings("deprecation")
- private static void setSoLingerTime(ServerConnector connector, int milliseconds) {
- // TODO: Don't use deprecated methods. Deprecate soLingerTime from connector config
- // Jetty says: "don't use as socket close linger time has undefined behavior for non-blocking sockets"
- // Jetty implementation is now a noop: https://github.com/eclipse/jetty.project/issues/2468, http://mail.openjdk.java.net/pipermail/nio-dev/2018-June/005195.html
- connector.setSoLingerTime(milliseconds);
- }
-
private HttpConnectionFactory newHttpConnectionFactory() {
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSendDateHeader(true);
@@ -120,6 +107,13 @@ public class ConnectorFactory {
factory.setSecureRandomAlgorithm(sslConfig.prng());
}
+ // NOTE: ^TLS_RSA_.*$ ciphers are disabled by default in Jetty 9.4.12+ (https://github.com/eclipse/jetty.project/issues/2807)
+ // JDisc will allow these ciphers by default to support older clients (e.g. Java 8u60 and curl 7.29.0)
+ String[] excludedCiphersWithoutTlsRsaExclusion = Arrays.stream(factory.getExcludeCipherSuites())
+ .filter(cipher -> !cipher.equals("^TLS_RSA_.*$"))
+ .toArray(String[]::new);
+ factory.setExcludeCipherSuites(excludedCiphersWithoutTlsRsaExclusion);
+
setStringArrayParameter(
factory, sslConfig.excludeProtocol(), ExcludeProtocol::name, SslContextFactory::setExcludeProtocols);
setStringArrayParameter(