summaryrefslogtreecommitdiffstats
path: root/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
diff options
context:
space:
mode:
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java15
1 files changed, 15 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
index b315dd00b31..253331ee9c6 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
@@ -4,6 +4,8 @@ package com.yahoo.security.tls;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
+import java.util.Arrays;
+import java.util.List;
/**
* A simplified version of {@link SSLContext} modelled as an interface.
@@ -12,6 +14,19 @@ import javax.net.ssl.SSLParameters;
*/
public interface TlsContext extends AutoCloseable {
+ List<String> ALLOWED_CIPHER_SUITES = Arrays.asList(
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_AES_128_GCM_SHA256", // TLSv1.3
+ "TLS_AES_256_GCM_SHA384", // TLSv1.3
+ "TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3
+
+ List<String> ALLOWED_PROTOCOLS = List.of("TLSv1.2"); // TODO Enable TLSv1.3
+
SSLContext context();
SSLParameters parameters();