Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
index eef05d4f4f2..1f78dc9d481 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
@@ -5,6 +5,8 @@ import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 import static java.util.stream.Collectors.toSet;
@@ -23,7 +25,7 @@ public interface TlsContext extends AutoCloseable {
 * For TLSv1.3 we allow the DEFAULT group ciphers.
 * Note that we _only_ allow AEAD ciphers for either TLS version.
 */
- Set<String> ALLOWED_CIPHER_SUITES = com.yahoo.vespa.jdk8compat.Set.of(
+ Set<String> ALLOWED_CIPHER_SUITES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", // Java 12
@@ -32,10 +34,10 @@ public interface TlsContext extends AutoCloseable {
 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 "TLS_AES_128_GCM_SHA256", // TLSv1.3
 "TLS_AES_256_GCM_SHA384", // TLSv1.3
- "TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3, Java 12
+ "TLS_CHACHA20_POLY1305_SHA256"))); // TLSv1.3, Java 12
 // TODO Enable TLSv1.3 after upgrading to JDK 17
- Set<String> ALLOWED_PROTOCOLS = com.yahoo.vespa.jdk8compat.Set.of("TLSv1.2");
+ Set<String> ALLOWED_PROTOCOLS = Collections.singleton("TLSv1.2");
 String SSL_CONTEXT_VERSION = "TLS"; // Use SSLContext implementations that supports all TLS versions
 /** |
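Review bot: `new HashSet<>(...)` in the `ALLOWED_CIPHER_SUITES` initializer gives the allow-list an unspecified iteration order, so the order the suites are written in is not the order a consumer sees. That is harmless for membership checks, but how the set is consumed is not visible in this diff; if it is ever copied into `SSLParameters` by iteration, the cipher preference order becomes arbitrary. Wrapping a `LinkedHashSet` instead, `Collections.unmodifiableSet(new LinkedHashSet<>(Arrays.asList(`, keeps the declared order and would need `import java.util.LinkedHashSet;` in place of the `HashSet` import. The initializer's closing `)))` sits in the following hunk.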
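Review bot: `ALLOWED_PROTOCOLS` carries only the TODO above it, so nothing on the constant tells a reader that the three suites marked `// TLSv1.3` in `ALLOWED_CIPHER_SUITES` are presumably inert while the protocol set holds only `"TLSv1.2"`. A one-line Javadoc on the new declaration would state that, for example `/** Protocol versions allowed on TLS connections; the TLSv1.3 suites in ALLOWED_CIPHER_SUITES take effect only once TLSv1.3 is added here. */`. `Collections.singleton` returns an immutable set, so the constant stays read-only as before. The interface body continues outside the hunk, so where the two sets are applied cannot be checked from here.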