From bde0a9a574452fd90abc3a12c90deb8b3d37d6fa Mon Sep 17 00:00:00 2001
From: vharseko <vharseko@3a-systems.ru>
Date: Mon, 18 Sep 2023 06:47:44 +0000
Subject: [PATCH] Remove TLSv1 as default protocol (#303)

---
 opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java           |    2 +-
 opendj-server-legacy/src/test/java/org/opends/server/tools/RemoteConnection.java     |    2 +-
 opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java |    4 ++--
 opendj-server-legacy/src/main/java/org/opends/server/protocols/jmx/RmiConnector.java |    2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java b/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java
index 50cce73..6c06d9c 100644
--- a/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java
+++ b/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java
@@ -72,7 +72,7 @@
 
     private TrustManager trustManager;
     private KeyManager keyManager;
-    private String protocol = PROTOCOL_TLS1_2;
+    private String protocol = PROTOCOL_TLS;
     private SecureRandom random;
 
     /** These are mutually exclusive. */
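Review bot: The new default `PROTOCOL_TLS` selects the generic context and does not set a minimum protocol version. Which versions are enabled is left to the JVM (its release defaults and `jdk.tls.disabledAlgorithms`), so an older runtime may still negotiate TLSv1 or TLSv1.1. The same holds for the `SSLContext.getInstance("TLS")` calls in RmiConnector.java and RemoteConnection.java. I would document this on the field, e.g. `/** Generic TLS; enabled versions come from the JVM, so callers needing a floor must call setEnabledProtocols. */`, and restrict the socket or engine explicitly where a floor is required. The class body lies outside the hunk, so whether callers already do this is not visible here.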
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/protocols/jmx/RmiConnector.java b/opendj-server-legacy/src/main/java/org/opends/server/protocols/jmx/RmiConnector.java
index d0faf08..33a9ba6 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/protocols/jmx/RmiConnector.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/protocols/jmx/RmiConnector.java
@@ -285,7 +285,7 @@
               : SelectableCertificateKeyManager.wrap(provider.getKeyManagers(), nicknames);
         }
 
-        SSLContext ctx = SSLContext.getInstance("TLSv1");
+        SSLContext ctx = SSLContext.getInstance("TLS");
         ctx.init(
             keyManagers,
             null,
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java b/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
index 0c7db67..9be9cf4 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
@@ -72,8 +72,8 @@
     }
     catch (NoSuchAlgorithmException ex)
     {
-      logger.trace("Unable to retrieve default TLS protocols of the JVM, defaulting to TLSv1", ex);
-      protocols = Arrays.asList(SSLContextBuilder.PROTOCOL_TLS1);
+      logger.trace("Unable to retrieve default TLS protocols of the JVM, defaulting to TLS", ex);
+      protocols = Arrays.asList(SSLContextBuilder.PROTOCOL_TLS);
     }
     TLS_PROTOCOLS = protocols.toArray(new String[protocols.size()]);
   }
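Review bot: The fallback in the catch block now puts `SSLContextBuilder.PROTOCOL_TLS` into `TLS_PROTOCOLS`, but that constant looks like an SSLContext algorithm name rather than a protocol version name. If `TLS_PROTOCOLS` is later passed to `setEnabledProtocols` (not visible in this hunk), JSSE would reject it with an IllegalArgumentException instead of falling back. A concrete version is safer here: `protocols = Arrays.asList(SSLContextBuilder.PROTOCOL_TLS1_2);`, with the log message adjusted to match. The fallback is also logged only at trace level, so operators are unlikely to notice when it is taken. The static initializer starts outside the hunk.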
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/tools/RemoteConnection.java b/opendj-server-legacy/src/test/java/org/opends/server/tools/RemoteConnection.java
index 4791a8a..239b488 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/tools/RemoteConnection.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/tools/RemoteConnection.java
@@ -96,7 +96,7 @@
 
   private Socket getSslSocket(String host, int port) throws Exception
   {
-    SSLContext sslCtx = SSLContext.getInstance("TLSv1");
+    SSLContext sslCtx = SSLContext.getInstance("TLS");
     TrustManager[] tm = new TrustManager[] { new BlindTrustManager() };
     sslCtx.init(null, tm, new SecureRandom());
     SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
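Review bot: `getSslSocket` initialises the context with `new BlindTrustManager()`, so the server certificate is never validated, and nothing in the method says this is intentional. That is tolerable only because the class lives under src/test. I would add a comment above the `TrustManager[]` line, such as `// Test-only: accepts any certificate; never reuse this in production tools.` The method body continues outside the hunk.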

--
Gitblit v1.10.0