From 642aa18663931217ac800d11664ceb4aadf7c47d Mon Sep 17 00:00:00 2001
From: Morten Tokle <mortent@verizonmedia.com>
Date: Thu, 25 Mar 2021 14:08:00 +0100
Subject: Update start scripts

---
 configserver/src/main/sh/start-configserver                | 1 +
 container-disc/src/main/sh/vespa-start-container-daemon.sh | 1 +
 standalone-container/src/main/sh/standalone-container.sh   | 1 +
 3 files changed, 3 insertions(+)

diff --git a/configserver/src/main/sh/start-configserver b/configserver/src/main/sh/start-configserver
index a42f7f35352..efe91a5cea2 100755
--- a/configserver/src/main/sh/start-configserver
+++ b/configserver/src/main/sh/start-configserver
@@ -181,6 +181,7 @@ vespa-run-as-vespa-user vespa-runserver -s configserver -r 30 -p $pidfile -- \
 	-Dsun.rmi.dgc.client.gcInterval=3600000 \
 	-Dsun.net.client.defaultConnectTimeout=5000 -Dsun.net.client.defaultReadTimeout=60000 \
 	-Djavax.net.ssl.keyStoreType=JKS \
+	-Djdk.tls.rejectClientInitiatedRenegotiation=true \
 	-Djdisc.config.file=$cfpfile \
 	-Djdisc.export.packages= \
 	-Djdisc.cache.path=$bundlecachedir \
diff --git a/container-disc/src/main/sh/vespa-start-container-daemon.sh b/container-disc/src/main/sh/vespa-start-container-daemon.sh
index 1ed2d5ccf29..7828ef42ab6 100755
--- a/container-disc/src/main/sh/vespa-start-container-daemon.sh
+++ b/container-disc/src/main/sh/vespa-start-container-daemon.sh
@@ -220,6 +220,7 @@ exec $numactlcmd $envcmd java \
         -Djava.library.path="${VESPA_HOME}/lib64" \
         -Djava.awt.headless=true \
         -Djavax.net.ssl.keyStoreType=JKS \
+        -Djdk.tls.rejectClientInitiatedRenegotiation=true \
         -Dsun.rmi.dgc.client.gcInterval=3600000 \
         -Dsun.net.client.defaultConnectTimeout=5000 -Dsun.net.client.defaultReadTimeout=60000 \
         -Djdisc.config.file="$cfpfile" \
diff --git a/standalone-container/src/main/sh/standalone-container.sh b/standalone-container/src/main/sh/standalone-container.sh
index b8025b9629b..57eca46cdd0 100755
--- a/standalone-container/src/main/sh/standalone-container.sh
+++ b/standalone-container/src/main/sh/standalone-container.sh
@@ -174,6 +174,7 @@ StartCommand() {
         -Dsun.net.client.defaultConnectTimeout=5000 \
         -Dsun.net.client.defaultReadTimeout=60000 \
         -Djavax.net.ssl.keyStoreType=JKS \
+        -Djdk.tls.rejectClientInitiatedRenegotiation=true \
         -Djdisc.config.file="$cfpfile" \
         -Djdisc.export.packages= \
         -Djdisc.cache.path="$bundlecachedir" \
-- 
cgit v1.2.3