From dcda9784b269635626bfc98d819d429c39a1f8b7 Mon Sep 17 00:00:00 2001
From: Maxim Thomas <maxim.thomas@gmail.com>
Date: Thu, 18 Jul 2019 09:19:15 +0000
Subject: [PATCH] Remote TLSv1.3 to avoid 100% cpu #78 and #80 issues (#82)

---
 opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java b/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
index 1d0eee8..0dd9953 100644
--- a/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
+++ b/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
@@ -65,6 +65,7 @@
 import org.forgerock.opendj.server.config.server.LDAPConnectionHandlerCfg;
 import org.forgerock.util.Function;
 import org.forgerock.util.Options;
+import org.glassfish.grizzly.utils.ArrayUtils;
 import org.opends.server.api.AlertGenerator;
 import org.opends.server.api.ClientConnection;
 import org.opends.server.api.ConnectionHandler;
@@ -854,6 +855,10 @@
             final Set<String> protocols = config.getSSLProtocol();
             if (!protocols.isEmpty()) {
                 sslEngine.setEnabledProtocols(protocols.toArray(new String[0]));
+            } else { //enforce enable TLSv1.3 to avoid jdk 11 TLSv1.3 problem
+            	String[] enabledProtocols = sslEngine.getEnabledProtocols();
+            	String[] enabledProtocolsNoTLSv13 = ArrayUtils.remove(enabledProtocols, "TLSv1.3");
+            	sslEngine.setEnabledProtocols(enabledProtocolsNoTLSv13);
             }
 
             final Set<String> ciphers = config.getSSLCipherSuite();
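Review bot: The comment on the new `else` branch says "enforce enable TLSv1.3", but the code removes TLSv1.3 from the engine's enabled protocols, so the next reader is told the opposite of what happens. I would reword it to `// no protocols configured: drop TLSv1.3 from the JDK defaults to work around the JDK 11 100% CPU issue (#78, #80)`. The removal is silent and applies whenever `config.getSSLProtocol()` is empty, so a default install loses TLSv1.3 with no trace in the logs. It also presumably falls back to whatever older versions the JDK still enables by default. A one-time log message naming the protocols actually enabled would make this downgrade auditable. The array returned by `ArrayUtils.remove` is passed straight to `setEnabledProtocols` without checking that it is non-null and non-empty. A plain filter over `enabledProtocols` with that guard would also avoid depending on the Grizzly utility imported in the first hunk. An explicit configuration that lists TLSv1.3 still takes the `if` branch unchanged, so the workaround does not cover that case. The enclosing method starts and ends outside the hunk.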

--
Gitblit v1.10.0