summaryrefslogtreecommitdiffstats
path: root/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
diff options
context:
space:
mode:
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java14
1 files changed, 8 insertions, 6 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index 9a1d2be537a..b2edf2f1ebc 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -33,14 +33,16 @@ public class DefaultTlsContext implements TlsContext {
PrivateKey privateKey,
List<X509Certificate> caCertificates,
AuthorizedPeers authorizedPeers,
- AuthorizationMode mode,
- Set<String> acceptedCiphers) {
- this(createSslContext(certificates, privateKey, caCertificates, authorizedPeers, mode),
- acceptedCiphers);
+ AuthorizationMode mode) {
+ this(createSslContext(certificates, privateKey, caCertificates, authorizedPeers, mode));
}
- public DefaultTlsContext(SSLContext sslContext, Set<String> acceptedCiphers) {
+ public DefaultTlsContext(SSLContext sslContext) {
+ this(sslContext, TlsContext.ALLOWED_CIPHER_SUITES);
+ }
+
+ DefaultTlsContext(SSLContext sslContext, Set<String> acceptedCiphers) {
this.sslContext = sslContext;
this.validCiphers = getAllowedCiphers(sslContext, acceptedCiphers);
this.validProtocols = getAllowedProtocols(sslContext);
@@ -50,7 +52,7 @@ public class DefaultTlsContext implements TlsContext {
private static String[] getAllowedCiphers(SSLContext sslContext, Set<String> acceptedCiphers) {
String[] supportedCipherSuites = sslContext.getSupportedSSLParameters().getCipherSuites();
String[] validCipherSuites = Arrays.stream(supportedCipherSuites)
- .filter(suite -> ALLOWED_CIPHER_SUITES.contains(suite) && (acceptedCiphers.isEmpty() || acceptedCiphers.contains(suite)))
+ .filter(suite -> ALLOWED_CIPHER_SUITES.contains(suite) && acceptedCiphers.contains(suite))
.toArray(String[]::new);
if (validCipherSuites.length == 0) {
throw new IllegalStateException(