This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch coheigea/tls-v1 in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 07feaba4cde5a049bbd4bb2172a15afa72f425fa Author: Colm O hEigeartaigh <[email protected]> AuthorDate: Thu May 21 17:10:48 2026 +0100 Remove TLS v1 + 1.1 from the default protocol list --- .../java/org/apache/cxf/configuration/jsse/TLSParameterBase.java | 2 -- .../org/apache/cxf/configuration/jsse/TLSClientParametersTest.java | 6 ++---- .../resources/org/apache/cxf/systests/forked/ssl3/sslv3-server.xml | 4 +--- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java index 413ee1b8ea1..ac17533ad2d 100644 --- a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java @@ -37,8 +37,6 @@ import org.apache.cxf.configuration.security.FiltersType; public class TLSParameterBase { protected static final Collection<String> DEFAULT_HTTPS_PROTOCOLS = Arrays.asList( - "TLSv1", - "TLSv1.1", "TLSv1.2", "TLSv1.3" ); diff --git a/core/src/test/java/org/apache/cxf/configuration/jsse/TLSClientParametersTest.java b/core/src/test/java/org/apache/cxf/configuration/jsse/TLSClientParametersTest.java index f7090e1660c..fe87b920f1b 100644 --- a/core/src/test/java/org/apache/cxf/configuration/jsse/TLSClientParametersTest.java +++ b/core/src/test/java/org/apache/cxf/configuration/jsse/TLSClientParametersTest.java @@ -53,8 +53,7 @@ public class TLSClientParametersTest { @Test public void testDefaultHttpsProtocols() { - assertThat(TLSClientParameters.getPreferredClientProtocols(), arrayContainingInAnyOrder("TLSv1", - "TLSv1.1", + assertThat(TLSClientParameters.getPreferredClientProtocols(), arrayContainingInAnyOrder( "TLSv1.2", "TLSv1.3")); } @@ -69,8 +68,7 @@ public class TLSClientParametersTest { public void testIgnoreConfiguredHttpsProtocols() { System.setProperty(TLSClientParameters.IGNORE_CONFIGURED_HTTPS_PROTOCOLS, "true"); System.setProperty(TLSClientParameters.CONFIGURED_HTTPS_PROTOCOLS, "SSLv3,"); - assertThat(TLSClientParameters.getPreferredClientProtocols(), arrayContainingInAnyOrder("TLSv1", - "TLSv1.1", + assertThat(TLSClientParameters.getPreferredClientProtocols(), arrayContainingInAnyOrder( "TLSv1.2", "TLSv1.3")); } diff --git a/systests/forked/src/test/resources/org/apache/cxf/systests/forked/ssl3/sslv3-server.xml b/systests/forked/src/test/resources/org/apache/cxf/systests/forked/ssl3/sslv3-server.xml index 44a973b3a33..f1aac0d672b 100644 --- a/systests/forked/src/test/resources/org/apache/cxf/systests/forked/ssl3/sslv3-server.xml +++ b/systests/forked/src/test/resources/org/apache/cxf/systests/forked/ssl3/sslv3-server.xml @@ -97,8 +97,6 @@ <sec:clientAuthentication want="true" required="false"/> <sec:excludeProtocols> <sec:excludeProtocol>TLS</sec:excludeProtocol> - <sec:excludeProtocol>TLSv1</sec:excludeProtocol> - <sec:excludeProtocol>TLSv1.1</sec:excludeProtocol> <sec:excludeProtocol>TLSv1.2</sec:excludeProtocol> </sec:excludeProtocols> <sec:cipherSuitesFilter> @@ -148,4 +146,4 @@ endpointName="e:HttpsPort" depends-on="tls-but-allow-ssl3"/> -</beans> \ No newline at end of file +</beans>
