From 3c4ed640ad8c448e9397bd3a87c64aa5d37539fa Mon Sep 17 00:00:00 2001
From: Jon Marius Venstad
Date: Mon, 22 Feb 2021 16:51:26 +0100
Subject: Force TLSv1.2 for controller client
---
 .../src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
 (limited to 'hosted-api/src/main')
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java b/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
index f17816f224d..0cc80bcb111 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
@@ -18,6 +18,7 @@ import com.yahoo.slime.SlimeUtils;
 import com.yahoo.text.Utf8;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -433,13 +434,19 @@ public abstract class ControllerHttpClient {
 private static class MutualTlsControllerHttpClient extends ControllerHttpClient {
 private MutualTlsControllerHttpClient(URI endpoint, SSLContext sslContext) {
- super(endpoint, HttpClient.newBuilder().sslContext(sslContext));
+ super(endpoint, HttpClient.newBuilder().sslContext(sslContext).sslParameters(tlsv12Parameters(sslContext)));
 }
 private MutualTlsControllerHttpClient(URI endpoint, PrivateKey privateKey, List certs) {
 this(endpoint, new SslContextBuilder().withKeyStore(privateKey, certs).build());
 }
+ private static SSLParameters tlsv12Parameters(SSLContext sslContext) {
+ SSLParameters parameters = sslContext.getDefaultSSLParameters();
+ parameters.setProtocols(new String[]{ "TLSv1.2" });
+ return parameters;
+ }
+
 }
-- cgit v1.2.3
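Review bot: Nothing in the new `tlsv12Parameters` helper records why the protocol list is pinned to exactly `TLSv1.2`, and `parameters.setProtocols(new String[]{ "TLSv1.2" })` makes that version a ceiling as well as a floor, so this client can no longer negotiate TLSv1.3. The commit message gives no reason either, so a later reader cannot tell a temporary workaround from a policy. I would add a comment above the helper along the lines of `// TLSv1.3 is deliberately excluded for the controller client: <reason>; remove this pin once <condition>.` The cipher suites are still taken unchanged from `sslContext.getDefaultSSLParameters()`, so with 1.2 forced it is worth confirming that the default list is the one the controller is expected to accept.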