This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push:
new 9bfdf70ea21 Remove TLS v1 + 1.1 from the default protocol list (#3134)
9bfdf70ea21 is described below
commit 9bfdf70ea21f66d480d5379e3831466be8df28d5
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri May 22 09:42:50 2026 +0100
Remove TLS v1 + 1.1 from the default protocol list (#3134)
---
.../java/org/apache/cxf/configuration/jsse/TLSParameterBase.java | 2 --
.../org/apache/cxf/configuration/jsse/TLSClientParametersTest.java | 6 ++----
.../resources/org/apache/cxf/systests/forked/ssl3/sslv3-server.xml | 4 +---
3 files changed, 3 insertions(+), 9 deletions(-)
diff --git
a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
index 413ee1b8ea1..ac17533ad2d 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
@@ -37,8 +37,6 @@ import org.apache.cxf.configuration.security.FiltersType;
public class TLSParameterBase {
protected static final Collection<String> DEFAULT_HTTPS_PROTOCOLS =
Arrays.asList(
- "TLSv1",
- "TLSv1.1",
"TLSv1.2",
"TLSv1.3"
);
diff --git
a/core/src/test/java/org/apache/cxf/configuration/jsse/TLSClientParametersTest.java
b/core/src/test/java/org/apache/cxf/configuration/jsse/TLSClientParametersTest.java
index f7090e1660c..fe87b920f1b 100644
---
a/core/src/test/java/org/apache/cxf/configuration/jsse/TLSClientParametersTest.java
+++
b/core/src/test/java/org/apache/cxf/configuration/jsse/TLSClientParametersTest.java
@@ -53,8 +53,7 @@ public class TLSClientParametersTest {
@Test
public void testDefaultHttpsProtocols() {
- assertThat(TLSClientParameters.getPreferredClientProtocols(),
arrayContainingInAnyOrder("TLSv1",
- "TLSv1.1",
+ assertThat(TLSClientParameters.getPreferredClientProtocols(),
arrayContainingInAnyOrder(
"TLSv1.2",
"TLSv1.3"));
}
@@ -69,8 +68,7 @@ public class TLSClientParametersTest {
public void testIgnoreConfiguredHttpsProtocols() {
System.setProperty(TLSClientParameters.IGNORE_CONFIGURED_HTTPS_PROTOCOLS,
"true");
System.setProperty(TLSClientParameters.CONFIGURED_HTTPS_PROTOCOLS,
"SSLv3,");
- assertThat(TLSClientParameters.getPreferredClientProtocols(),
arrayContainingInAnyOrder("TLSv1",
- "TLSv1.1",
+ assertThat(TLSClientParameters.getPreferredClientProtocols(),
arrayContainingInAnyOrder(
"TLSv1.2",
"TLSv1.3"));
}
diff --git
a/systests/forked/src/test/resources/org/apache/cxf/systests/forked/ssl3/sslv3-server.xml
b/systests/forked/src/test/resources/org/apache/cxf/systests/forked/ssl3/sslv3-server.xml
index 44a973b3a33..f1aac0d672b 100644
---
a/systests/forked/src/test/resources/org/apache/cxf/systests/forked/ssl3/sslv3-server.xml
+++
b/systests/forked/src/test/resources/org/apache/cxf/systests/forked/ssl3/sslv3-server.xml
@@ -97,8 +97,6 @@
<sec:clientAuthentication want="true" required="false"/>
<sec:excludeProtocols>
<sec:excludeProtocol>TLS</sec:excludeProtocol>
- <sec:excludeProtocol>TLSv1</sec:excludeProtocol>
- <sec:excludeProtocol>TLSv1.1</sec:excludeProtocol>
<sec:excludeProtocol>TLSv1.2</sec:excludeProtocol>
</sec:excludeProtocols>
<sec:cipherSuitesFilter>
@@ -148,4 +146,4 @@
endpointName="e:HttpsPort"
depends-on="tls-but-allow-ssl3"/>
-</beans>
\ No newline at end of file
+</beans>
