Commit message | Author | Age | Files | Lines |
---|---|---|---|---|
Update copyright | Jon Bratseth | 2023-10-09 | 1 | -1/+1 |
Merge Java package 'c.y.s.tls.{auth,json,policy}' into 'c.y.s.tls'<br>Facilitate improved encapsulation of Vespa mTLS related classes | Bjørn Christian Seime | 2022-07-20 | 1 | -2/+0 |
Always run PeerAuthorizer<br>Interpret empty AuthorizedPeers as granting all capabilities unconditionally. Assume AuthorizedPeers as always present. | Bjørn Christian Seime | 2022-07-15 | 1 | -8/+3 |
Update 2018 copyright notices. | gjoranv | 2021-10-07 | 1 | -1/+1 |
Remove com.yahoo.vespa.jdk8compat<br>These types are often accidentally imported, and the JDK8 replacement is typically a one-liner. | Bjørn Christian Seime | 2021-03-10 | 1 | -2/+3 |
Make TLS protocol version configurable in TLS config file<br>Only protocols listed in allowlist can be configured. TLSv1.2 is the only supported version at the moment, but TLSv1.3 will most likely be included in the future. | Bjørn Christian Seime | 2021-02-24 | 1 | -7/+16 |
Use singleton already present. | Henning Baldersheim | 2021-01-28 | 1 | -4/+0 |
Override hostname verification in PeerAuthorizerTrustManager<br>Override hostname verification on client-side. Remove overriding of hostname verification for server-side. | Bjørn Christian Seime | 2020-02-17 | 1 | -6/+8 |
Use JDK8 as build target for security-utils | Bjørn Christian Seime | 2019-12-02 | 1 | -4/+4 |
Add helper methods in TlsContext to determine allowed ciphers/protocols | Bjørn Christian Seime | 2019-11-25 | 1 | -21/+11 |
Make peer authentication in TlsContext configurable | Bjørn Christian Seime | 2019-07-03 | 1 | -6/+22 |
Remove ciphers from DefaultTlsContext public constructors | Bjørn Christian Seime | 2019-07-03 | 1 | -6/+8 |
Change type of constants from list to set | Bjørn Christian Seime | 2019-07-03 | 1 | -3/+3 |
Move constants from DefaultTlsContext to TlsContext | Bjørn Christian Seime | 2019-07-03 | 1 | -13/+0 |
Override default hostname verification in PeerAuthorizerTrustManager<br>Ensure that the default hostname verification is not applied for the Vespa TLS certificates. Use the custom trust manager even when no authorized peers rules are present. | Bjørn Christian Seime | 2019-02-22 | 1 | -2/+5 |
Misc changes to TlsContext and its implementations<br>- Add methods to retrieve underlying SSLContext and SSLParameters<br>- Add createSslEngine() overload with peer host and port<br>- Remove DefaultTlsContext constructor taking path to config file.<br>- Resolve valid ciphers and protocols in constructor.<br>- Use mutual x509 key/trust manager in ReloadingTlsContext | Bjørn Christian Seime | 2019-02-19 | 1 | -37/+54 |
Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-19 | 1 | -0/+1 |
Revert "Bjorncs/jdisc mixed mode preparations" | Arnstein Ressem | 2019-02-18 | 1 | -54/+36 |
Misc changes to TlsContext and its implementations<br>- Add methods to retrieve underlying SSLContext and SSLParameters<br>- Add createSslEngine() overload with peer host and port<br>- Remove DefaultTlsContext constructor taking path to config file.<br>- Resolve valid ciphers and protocols in constructor.<br>- Use mutual x509 key/trust manager in ReloadingTlsContext | Bjørn Christian Seime | 2019-02-14 | 1 | -37/+54 |
Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-14 | 1 | -0/+1 |
Fix typo | Bjørn Christian Seime | 2019-02-01 | 1 | -1/+1 |
Restrict enabled protocols | Bjørn Christian Seime | 2019-02-01 | 1 | -0/+16 |
Allow configuration of accepted ciphers | Bjørn Christian Seime | 2019-01-23 | 1 | -8/+15 |
Add TLSv1.3 cipher suites to whitelist | Bjørn Christian Seime | 2019-01-23 | 1 | -1/+4 |
Fix spelling error ('suits' -> 'suites') | Bjørn Christian Seime | 2018-12-05 | 1 | -7/+7 |
Remove whitelisting of AES-CBC ciphers | Bjørn Christian Seime | 2018-12-05 | 1 | -5/+1 |
Use AuthorizationMode to configure behaviour of PeerAuthorizerTrustManager | Bjørn Christian Seime | 2018-12-05 | 1 | -7/+8 |
Split ConfigFileManagedTlsContext into ReloadingTlsContext and DefaultTlsContext | Bjørn Christian Seime | 2018-12-05 | 1 | -0/+101 |