From 0f0706c69d82cb9599d4b39c3c46ae786c7da7fe Mon Sep 17 00:00:00 2001 From: Jochen Schalanda Date: Thu, 26 Nov 2020 16:08:05 +0100 Subject: [PATCH] Revert "Replace invalid default excludedProtocols in HttpsConnectorFactory" Refs (#3533) This partially reverts commit 206e858b9171d4dff0c71a55a017909cf2b67d22. --- .../io/dropwizard/jetty/HttpsConnectorFactory.java | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/dropwizard-jetty/src/main/java/io/dropwizard/jetty/HttpsConnectorFactory.java b/dropwizard-jetty/src/main/java/io/dropwizard/jetty/HttpsConnectorFactory.java index 1aa01291e97..7c18ca7fe84 100644 --- a/dropwizard-jetty/src/main/java/io/dropwizard/jetty/HttpsConnectorFactory.java +++ b/dropwizard-jetty/src/main/java/io/dropwizard/jetty/HttpsConnectorFactory.java @@ -182,7 +182,7 @@ * * * {@code excludedProtocols} - * ["SSLv3", "TLSv1", "TLSv1.1"] + * ["SSL.*", "TLSv1", "TLSv1\.1"] * * A list of protocols (e.g., {@code SSLv3}, {@code TLSv1}) which are excluded. These * protocols will be refused. @@ -193,7 +193,7 @@ * JVM default * * A list of cipher suites (e.g., {@code TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}) which - * are supported. All other cipher suites will be refused. + * are supported. All other cipher suites will be refused * * * @@ -287,7 +287,7 @@ public class HttpsConnectorFactory extends HttpConnectorFactory { private List supportedProtocols; @Nullable - private List excludedProtocols = Arrays.asList("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"); + private List excludedProtocols = Arrays.asList("SSL.*", "TLSv1", "TLSv1\\.1"); @Nullable private List supportedCipherSuites; 
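Review bot: The new default `Arrays.asList("SSL.*", "TLSv1", "TLSv1\\.1")` in the third hunk disables the legacy protocols only if the Jetty version on this branch treats each `excludedProtocols` entry as a regular expression matched against the whole protocol name, and nothing in the visible lines states that. If entries were compared as literal strings, `SSL.*` and `TLSv1\.1` would match no protocol and SSLv3 and TLS 1.1 would stay enabled; if matching were partial, `TLSv1` would also remove TLS 1.2 and 1.3. Once the matching rule is confirmed, I would state it next to the field, e.g. `// Regular expressions, matched against the full protocol name ("TLSv1" does not exclude "TLSv1.2").`, and repeat it in the Javadoc row changed in the first hunk, which still describes the entries as plain protocol names. A test that builds the factory with defaults and asserts which protocols end up enabled would catch a regression in either direction. The field sits in the class body, which starts and ends outside the hunk.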
@@ -762,12 +762,12 @@ protected SslContextFactory configureSslContextFactory(SslContextFactory factory
 factory.setKeyManagerPassword(keyManagerPassword);
 }
- if (needClientAuth != null && factory instanceof SslContextFactory.Server) {
- ((SslContextFactory.Server) factory).setNeedClientAuth(needClientAuth);
+ if (needClientAuth != null) {
+ factory.setNeedClientAuth(needClientAuth);
 }
- if (wantClientAuth != null && factory instanceof SslContextFactory.Server) {
- ((SslContextFactory.Server) factory).setWantClientAuth(wantClientAuth);
+ if (wantClientAuth != null) {
+ factory.setWantClientAuth(wantClientAuth);
 }
 if (certAlias != null) {
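Review bot: The commit subject and description mention only `excludedProtocols`, yet this hunk also changes how client-certificate authentication is applied: `needClientAuth` and `wantClientAuth` are now set on the base `SslContextFactory` without the `instanceof SslContextFactory.Server` guard. Presumably the Jetty version on this branch exposes both setters on the base type, but that is not visible here. Because these two flags decide whether mutual TLS is enforced, the reason deserves a line in the code, e.g. `// Client-auth setters are available on the base SslContextFactory in the Jetty version used here.` A test that configures `needClientAuth` as true and asserts `factory.getNeedClientAuth()` on the returned factory would keep a later Jetty upgrade from silently dropping the setting. `configureSslContextFactory` starts and ends outside the hunk.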