path: root/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
Commit message | Author | Age | Files | Lines
* Update copyright | Jon Bratseth | 2023-10-09 | 1 | -1/+1
* Merge Java package 'c.y.s.tls.{auth,json,policy}' into 'c.y.s.tls' | Bjørn Christian Seime | 2022-07-20 | 1 | -2/+0
  Facilitate improved encapsulation of Vespa mTLS related classes
* Always run PeerAuthorizer | Bjørn Christian Seime | 2022-07-15 | 1 | -8/+3
  Interpret empty AuthorizedPeers as granting all capabilities unconditionally. Assume AuthorizedPeers as always present.
* Update 2018 copyright notices. | gjoranv | 2021-10-07 | 1 | -1/+1
* Remove com.yahoo.vespa.jdk8compat | Bjørn Christian Seime | 2021-03-10 | 1 | -2/+3
  These types are often accidentally imported, and the JDK8 replacement is typically a one-liner.
* Make TLS protocol version configurable in TLS config file | Bjørn Christian Seime | 2021-02-24 | 1 | -7/+16
  Only protocols listed in allowlist can be configured. TLSv1.2 is the only supported version at the moment, but TLSv1.3 will most likely be included in the future.
* Use singleton already present. | Henning Baldersheim | 2021-01-28 | 1 | -4/+0
* Override hostname verification in PeerAuthorizerTrustManager | Bjørn Christian Seime | 2020-02-17 | 1 | -6/+8
  Override hostname verification on client-side. Remove overriding of hostname verification for server-side.
* Use JDK8 as build target for security-utils | Bjørn Christian Seime | 2019-12-02 | 1 | -4/+4
* Add helper methods in TlsContext to determine allowed ciphers/protocols | Bjørn Christian Seime | 2019-11-25 | 1 | -21/+11
* Make peer authentication in TlsContext configurable | Bjørn Christian Seime | 2019-07-03 | 1 | -6/+22
* Remove ciphers from DefaultTlsContext public constructors | Bjørn Christian Seime | 2019-07-03 | 1 | -6/+8
* Change type of constants from list to set | Bjørn Christian Seime | 2019-07-03 | 1 | -3/+3
* Move constants from DefaultTlsContext to TlsContext | Bjørn Christian Seime | 2019-07-03 | 1 | -13/+0
* Override default hostname verification in PeerAuthorizerTrustManager | Bjørn Christian Seime | 2019-02-22 | 1 | -2/+5
  Ensure that the default hostname verification is not applied for the Vespa TLS certificates. Use the custom trust manager even when no authorized peers rules are present.
* Misc changes to TlsContext and its implementations | Bjørn Christian Seime | 2019-02-19 | 1 | -37/+54
  - Add methods to retrieve underlying SSLContext and SSLParameters
  - Add createSslEngine() overload with peer host and port
  - Remove DefaultTlsContext constructor taking path to config file.
  - Resolve valid ciphers and protocols in constructor.
  - Use mutual x509 key/trust manager in ReloadingTlsContext
* Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-19 | 1 | -0/+1
* Revert "Bjorncs/jdisc mixed mode preparations" | Arnstein Ressem | 2019-02-18 | 1 | -54/+36
* Misc changes to TlsContext and its implementations | Bjørn Christian Seime | 2019-02-14 | 1 | -37/+54
  - Add methods to retrieve underlying SSLContext and SSLParameters
  - Add createSslEngine() overload with peer host and port
  - Remove DefaultTlsContext constructor taking path to config file.
  - Resolve valid ciphers and protocols in constructor.
  - Use mutual x509 key/trust manager in ReloadingTlsContext
* Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-14 | 1 | -0/+1
* Fix typo | Bjørn Christian Seime | 2019-02-01 | 1 | -1/+1
* Restrict enabled protocols | Bjørn Christian Seime | 2019-02-01 | 1 | -0/+16
* Allow configuration of accepted ciphers | Bjørn Christian Seime | 2019-01-23 | 1 | -8/+15
* Add TLSv1.3 cipher suites to whitelist | Bjørn Christian Seime | 2019-01-23 | 1 | -1/+4
* Fix spelling error ('suits' -> 'suites') | Bjørn Christian Seime | 2018-12-05 | 1 | -7/+7
* Remove whitelisting of AES-CBC ciphers | Bjørn Christian Seime | 2018-12-05 | 1 | -5/+1
* Use AuthorizationMode to configure behaviour of PeerAuthorizerTrustManager | Bjørn Christian Seime | 2018-12-05 | 1 | -7/+8
* Split ConfigFileManagedTlsContext into ReloadingTlsContext and DefaultTlsContext | Bjørn Christian Seime | 2018-12-05 | 1 | -0/+101