Diffstat (limited to 'security-utils/src/main/java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java | 4 | ||||
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java | 23 |
2 files changed, 2 insertions, 25 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index 9b26b79a960..d91c47e5eed 100644
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -1,8 +1,6 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.security;
-import com.yahoo.security.tls.TlsContext;
-
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
@@ -131,7 +129,7 @@ public class SslContextBuilder {
 public SSLContext build() {
 try {
- SSLContext sslContext = SSLContext.getInstance(TlsContext.SSL_CONTEXT_VERSION);
+ SSLContext sslContext = SSLContext.getInstance("TLS");
 X509ExtendedTrustManager trustManager = this.trustManager != null ? this.trustManager : trustManagerFactory.createTrustManager(trustStoreSupplier.get());
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
index 8e146f36907..b222c8664cc 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
@@ -4,8 +4,6 @@ package com.yahoo.security.tls;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
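Review bot: With `SSLContext.getInstance("TLS")` in `build()`, the context no longer caps the protocol version itself, so the TLSv1.2-only policy in `TlsContext.ALLOWED_PROTOCOLS` holds only where the allowed protocols are explicitly set on every engine or socket created from it. A caller that takes the returned `SSLContext` and uses its socket factory or `createSSLEngine()` directly would get the provider's defaults, which on recent JDKs likely include TLSv1.3, the version the TODO in `TlsContext` says is not yet enabled. The literal also duplicates `TlsContext.SSL_CONTEXT_VERSION`, which this same diff sets to "TLS". If the import was dropped on purpose to avoid the package dependency, a comment such as `// "TLS" = every version the provider supports; allowed versions are enforced via SSLParameters` would keep the intent visible. The body of `build()` continues outside the hunk.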
@@ -41,12 +39,7 @@ public interface TlsContext extends AutoCloseable {
 // TODO Enable TLSv1.3 after upgrading to JDK 17
 Set<String> ALLOWED_PROTOCOLS = Collections.singleton("TLSv1.2");
-
- /**
- * {@link SSLContext} protocol name that supports at least oldest protocol listed in {@link #ALLOWED_PROTOCOLS}
- * @see SSLContext#getInstance(String)
- */
- String SSL_CONTEXT_VERSION = "TLSv1.2";
+ String SSL_CONTEXT_VERSION = "TLS"; // Use SSLContext implementations that supports all TLS versions
 /**
 * @return the allowed cipher suites supported by the provided context instance
@@ -65,8 +58,6 @@ public interface TlsContext extends AutoCloseable {
 return enabledCiphers;
 }
- static Set<String> getAllowedCipherSuites() { return getAllowedCipherSuites(defaultSslContext()); }
-
 /**
 * @return the allowed protocols supported by the provided context instance
 */
@@ -83,18 +74,6 @@ public interface TlsContext extends AutoCloseable {
 return enabledProtocols;
 }
- static Set<String> getAllowedProtocols() { return getAllowedProtocols(defaultSslContext()); }
-
- /** @return Default {@link SSLContext} instance without certificate and using JDK's default trust store */
- static SSLContext defaultSslContext() {
- try {
- var ctx = SSLContext.getInstance(SSL_CONTEXT_VERSION);
- ctx.init(null, null, null);
- return ctx;
- } catch (NoSuchAlgorithmException e) { throw new IllegalArgumentException(e);
- } catch (KeyManagementException e) { throw new IllegalStateException(e); }
- }
-
 SSLContext context();
 SSLParameters parameters(); |
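Review bot: The new `SSL_CONTEXT_VERSION = "TLS"` line in the `@@ -41,12 +39,7 @@` hunk replaces a Javadoc'd constant with a trailing comment, and the name still says "version" while the value is now the version-agnostic protocol name. Within this diff its visible users (`SslContextBuilder.build()` and the removed `defaultSslContext()`) no longer reference it, so it may be dead in this module; the diffstat is limited to one directory, so other callers cannot be ruled out. If it stays, I would restore a doc comment along the lines of `/** {@link SSLContext} protocol name; "TLS" supports every version the provider implements, so {@link #ALLOWED_PROTOCOLS} must be applied through {@link SSLParameters}. */`. The interface body starts and ends outside the hunk.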