From 76f07e1fdafcda1bcf1c178b2fc8d32b30d9b681 Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Tue, 2 Jul 2019 15:14:27 +0200
Subject: Remove ciphers from DefaultTlsContext public constructors
---
 .../java/com/yahoo/security/tls/DefaultTlsContext.java | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
(limited to 'security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java')
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index 9a1d2be537a..b2edf2f1ebc 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -33,14 +33,16 @@ public class DefaultTlsContext implements TlsContext {
 PrivateKey privateKey,
 List caCertificates,
 AuthorizedPeers authorizedPeers,
- AuthorizationMode mode,
- Set acceptedCiphers) {
- this(createSslContext(certificates, privateKey, caCertificates, authorizedPeers, mode),
- acceptedCiphers);
+ AuthorizationMode mode) {
+ this(createSslContext(certificates, privateKey, caCertificates, authorizedPeers, mode));
 }
- public DefaultTlsContext(SSLContext sslContext, Set acceptedCiphers) {
+ public DefaultTlsContext(SSLContext sslContext) {
+ this(sslContext, TlsContext.ALLOWED_CIPHER_SUITES);
+ }
+
+ DefaultTlsContext(SSLContext sslContext, Set acceptedCiphers) {
 this.sslContext = sslContext;
 this.validCiphers = getAllowedCiphers(sslContext, acceptedCiphers);
 this.validProtocols = getAllowedProtocols(sslContext);
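Review bot: The constructor `DefaultTlsContext(SSLContext sslContext, Set acceptedCiphers)` that stays behind as package-private has no comment saying why it is kept or what it expects, and it passes `acceptedCiphers` to `getAllowedCiphers` without a null check. Presumably it exists so code in the same package (tests, most likely) can narrow the cipher set; if so, a Javadoc line such as `/** Package-private: may only narrow TlsContext.ALLOWED_CIPHER_SUITES; acceptedCiphers must be non-null and non-empty. */` would keep a later maintainer from making it public again. A guard such as `Objects.requireNonNull(acceptedCiphers, "acceptedCiphers");` as its first statement (with `java.util.Objects` in scope) would turn a null set into an immediate, named failure instead of a NullPointerException inside the stream lambda. Both constructors run past the hunk edges, so this covers only the visible lines.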
@@ -50,7 +52,7 @@ public class DefaultTlsContext implements TlsContext {
 private static String[] getAllowedCiphers(SSLContext sslContext, Set acceptedCiphers) {
 String[] supportedCipherSuites = sslContext.getSupportedSSLParameters().getCipherSuites();
 String[] validCipherSuites = Arrays.stream(supportedCipherSuites)
- .filter(suite -> ALLOWED_CIPHER_SUITES.contains(suite) && (acceptedCiphers.isEmpty() || acceptedCiphers.contains(suite)))
+ .filter(suite -> ALLOWED_CIPHER_SUITES.contains(suite) && acceptedCiphers.contains(suite))
 .toArray(String[]::new);
 if (validCipherSuites.length == 0) {
 throw new IllegalStateException(
-- 
cgit v1.2.3
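Review bot: Nothing at the new `.filter` line records that an empty `acceptedCiphers` now selects no suites and ends in the `IllegalStateException` just below, where the removed line treated an empty set as "no extra restriction". Failing closed is the safer behaviour for a TLS cipher list, but it is a silent contract change for any remaining caller that still passes an empty set. A comment above the filter such as `// Empty acceptedCiphers matches nothing: never fall back to the full allow-list` would make the intent explicit. The `ALLOWED_CIPHER_SUITES.contains(suite)` half is redundant when the public constructor passes `TlsContext.ALLOWED_CIPHER_SUITES`, yet it is what stops the package-private constructor from widening the set, which is also worth a word in that comment. The method body continues past the hunk, so the exception message is not visible here; it would help if it named both the supported and the accepted suites.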