From 4bb0999694a314b8daebe179db39c1fe48cca21d Mon Sep 17 00:00:00 2001
From: Andreas Eriksen
Date: Fri, 6 Jan 2023 17:16:35 +0100
Subject: Revert "Ensure that HTTPS clients only use allowed ciphers and protocol versions" (#25436)
---
 .../main/java/ai/vespa/feed/client/impl/SslContextBuilder.java | 2 +-
 .../java/ai/vespa/feed/client/impl/SslContextBuilderTest.java | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)
(limited to 'vespa-feed-client')
diff --git a/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java b/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java
index 1855b657a75..2ca4577abe6 100644
--- a/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java
+++ b/vespa-feed-client/src/main/java/ai/vespa/feed/client/impl/SslContextBuilder.java
@@ -85,7 +85,7 @@ class SslContextBuilder {
 } else if (hasCaCertificateInstance()) {
 addCaCertificates(keystore, caCertificates);
 }
- SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); // Protocol version must match TlsContext.SSL_CONTEXT_VERSION
+ SSLContext sslContext = SSLContext.getInstance("TLS");
 sslContext.init(
 createKeyManagers(keystore).orElse(null),
 createTrustManagers(keystore).orElse(null),
diff --git a/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java b/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java
index 95952d37c3c..f7c1b4d2b03 100644
--- a/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java
+++ b/vespa-feed-client/src/test/java/ai/vespa/feed/client/impl/SslContextBuilderTest.java
@@ -30,6 +30,7 @@ import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Date;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 /**
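Review bot: `SSLContext.getInstance("TLS")` on the changed line of SslContextBuilder.java sets neither a minimum protocol version nor a cipher allow-list, so whatever a client built from this context negotiates is left to the JDK defaults (`jdk.tls.disabledAlgorithms`, `jdk.tls.client.protocols`). Because this reverts the commit that restricted ciphers and protocol versions, that restriction now has to be applied where the context is consumed, for instance through `SSLParameters.setProtocols(...)` and `setCipherSuites(...)` on the engine or HTTP client; that code is outside this hunk and may already do so. The revert also drops the comment tying the value to `TlsContext.SSL_CONTEXT_VERSION`, and I would put `// "TLS" = JDK default protocol set; allowed versions and ciphers must be enforced by the caller` in its place. The enclosing method starts and ends outside the hunk.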
@@ -57,13 +58,13 @@ class SslContextBuilderTest {
 .withCaCertificates(certificateFile)
 .withCertificateAndKey(certificateFile, privateKeyFile)
 .build());
- assertEquals("TLSv1.2", sslContext.getProtocol());
+ assertEquals("TLS", sslContext.getProtocol());
 }
 @Test
 void successfully_constructs_sslcontext_when_no_builder_parameter_given() {
 SSLContext sslContext = Assertions.assertDoesNotThrow(() -> new SslContextBuilder().build());
- assertEquals("TLSv1.2", sslContext.getProtocol());
+ assertEquals("TLS", sslContext.getProtocol());
 }
 @Test
@@ -72,7 +73,7 @@ class SslContextBuilderTest {
 new SslContextBuilder()
 .withCertificateAndKey(certificateFile, privateKeyFile)
 .build());
- assertEquals("TLSv1.2", sslContext.getProtocol());
+ assertEquals("TLS", sslContext.getProtocol());
 }
 @Test
@@ -81,7 +82,7 @@ class SslContextBuilderTest {
 new SslContextBuilder()
 .withCaCertificates(certificateFile)
 .build());
- assertEquals("TLSv1.2", sslContext.getProtocol());
+ assertEquals("TLS", sslContext.getProtocol());
 }
 private static void writePem(Path file, String type, byte[] asn1DerEncodedObject) throws IOException {
-- cgit v1.2.3
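Review bot: The updated assertions in SslContextBuilderTest.java (`assertEquals("TLS", sslContext.getProtocol())`, twice in this hunk and once each in the hunks at -72 and -81) check only the name that was passed to `SSLContext.getInstance`, not which protocol versions the context will actually offer. With the generic "TLS" context that difference matters, so I would add a check on the effective defaults, such as `assertFalse(Arrays.asList(sslContext.getDefaultSSLParameters().getProtocols()).contains("TLSv1.1"));` and the same for `"TLSv1"`. The result depends on the security configuration of the JDK running the tests, which deserves a short comment next to the assertion. The last hunk's trailing context runs into `writePem`, whose body is outside the hunk.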