From a0ab947af53ac53cbc869bba566f4f54bd4caf30 Mon Sep 17 00:00:00 2001
From: Valera V Harseko
Date: Fri, 15 Sep 2023 19:37:46 +0300
Subject: [PATCH] Remove TLSv1 as default protocol
---
 .../java/org/forgerock/opendj/ldap/SSLContextBuilder.java | 2 +-
 .../java/org/opends/server/protocols/jmx/RmiConnector.java | 2 +-
 .../java/org/opends/server/tools/SSLConnectionFactory.java | 4 ++--
 .../test/java/org/opends/server/tools/RemoteConnection.java | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java b/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java
index 50cce735f6..6c06d9c434 100644
--- a/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java
+++ b/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java
@@ -72,7 +72,7 @@ public final class SSLContextBuilder {
 private TrustManager trustManager;
 private KeyManager keyManager;
- private String protocol = PROTOCOL_TLS1_2;
+ private String protocol = PROTOCOL_TLS;
 private SecureRandom random;
 /** These are mutually exclusive. */
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/protocols/jmx/RmiConnector.java b/opendj-server-legacy/src/main/java/org/opends/server/protocols/jmx/RmiConnector.java
index d0faf08de1..33a9ba6bc7 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/protocols/jmx/RmiConnector.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/protocols/jmx/RmiConnector.java
@@ -285,7 +285,7 @@ private void startConnectorNoClientCertificate() throws Exception
 : SelectableCertificateKeyManager.wrap(provider.getKeyManagers(), nicknames);
 }
- SSLContext ctx = SSLContext.getInstance("TLSv1");
+ SSLContext ctx = SSLContext.getInstance("TLS");
 ctx.init(
 keyManagers,
 null,
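Review bot: The new default in SSLContextBuilder, `private String protocol = PROTOCOL_TLS;`, replaces a pinned TLSv1.2 with the generic context name, so the lowest version a connection may negotiate is no longer stated in the code. Assuming PROTOCOL_TLS is the JSSE name "TLS", that floor is now decided by the JVM's enabled-protocol defaults and `jdk.tls.disabledAlgorithms`. The same applies to `SSLContext.getInstance("TLS")` in RmiConnector and in the test helper RemoteConnection. On a runtime that still enables TLSv1 or TLSv1.1 this can be weaker than the old builder default, so I would document it on the field, e.g. `// "TLS" = any version the JVM enables; the minimum comes from jdk.tls.disabledAlgorithms, not from this value`, and have callers that need a floor restrict the enabled protocols on the socket or engine. The RmiConnector method and the SSLContextBuilder class both continue outside their hunks.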
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java b/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
index 0c7db6713c..9be9cf47ac 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
@@ -72,8 +72,8 @@ public class SSLConnectionFactory
 }
 catch (NoSuchAlgorithmException ex)
 {
- logger.trace("Unable to retrieve default TLS protocols of the JVM, defaulting to TLSv1", ex);
- protocols = Arrays.asList(SSLContextBuilder.PROTOCOL_TLS1);
+ logger.trace("Unable to retrieve default TLS protocols of the JVM, defaulting to TLS", ex);
+ protocols = Arrays.asList(SSLContextBuilder.PROTOCOL_TLS);
 }
 TLS_PROTOCOLS = protocols.toArray(new String[protocols.size()]);
 }
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/tools/RemoteConnection.java b/opendj-server-legacy/src/test/java/org/opends/server/tools/RemoteConnection.java
index 4791a8a740..239b488cca 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/tools/RemoteConnection.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/tools/RemoteConnection.java
@@ -96,7 +96,7 @@ public RemoteConnection(String host, int port, boolean secure) throws Exception
 private Socket getSslSocket(String host, int port) throws Exception
 {
- SSLContext sslCtx = SSLContext.getInstance("TLSv1");
+ SSLContext sslCtx = SSLContext.getInstance("TLS");
 TrustManager[] tm = new TrustManager[] { new BlindTrustManager() };
 sslCtx.init(null, tm, new SecureRandom());
 SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
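Review bot: In the SSLConnectionFactory fallback, `protocols = Arrays.asList(SSLContextBuilder.PROTOCOL_TLS);` puts what looks like a context algorithm name into a list that otherwise appears to hold protocol version names. If TLS_PROTOCOLS is later handed to `setEnabledProtocols` (not visible in this hunk) and PROTOCOL_TLS is "TLS", JSSE rejects that value with an IllegalArgumentException, so the fallback path would fail instead of degrading. A concrete version is safer here, e.g. `protocols = Arrays.asList(SSLContextBuilder.PROTOCOL_TLS1_2);`, with the log text changed to match. Because this branch changes which protocols are offered, it may also deserve a level above `trace` so operators can see it. The static initializer starts outside the hunk.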