Fix after review

community/kernel/src/main/java/org/neo4j/kernel/configuration/ssl/LegacySslPolicyConfig.java

@@ -20,20 +20,15 @@
 package org.neo4j.kernel.configuration.ssl;
 
 import java.io.File;
-import java.util.List;
 
 import org.neo4j.configuration.Description;
 import org.neo4j.configuration.Internal;
 import org.neo4j.configuration.LoadableConfig;
 import org.neo4j.graphdb.config.Setting;
 
 import static org.neo4j.kernel.configuration.Settings.PATH;
-import static org.neo4j.kernel.configuration.Settings.STRING_LIST;
 import static org.neo4j.kernel.configuration.Settings.derivedSetting;
 import static org.neo4j.kernel.configuration.Settings.pathSetting;
-import static org.neo4j.kernel.configuration.Settings.setting;
-import static org.neo4j.kernel.configuration.ssl.SslPolicyConfig.CIPHER_SUITES_DEFAULTS;
-import static org.neo4j.kernel.configuration.ssl.SslPolicyConfig.TLS_VERSION_DEFAULTS;
 
 /**
  * To be removed in favour of {@link SslPolicyConfig}. The settings below are still
@@ -59,15 +54,4 @@ public class LegacySslPolicyConfig implements LoadableConfig
     public static final Setting<File> tls_key_file =
             derivedSetting( "unsupported.dbms.security.tls_key_file", certificates_directory,
                     certificates -> new File( certificates, "neo4j.key" ), PATH );
-
-    @Internal
-    @Description( "Default encryption protocol used for legacy SSl policy." )
-    static final Setting<List<String>> default_security_protocol =
-            setting( "unsupported.dbms.security.protocol", STRING_LIST, TLS_VERSION_DEFAULTS );
-
-    @Internal
-    @Description( "Default encryption protocol used for legacy SSl policy." )
-    static final Setting<List<String>> default_security_cipher_suites =
-            setting( "unsupported.dbms.security.cipher_suites", STRING_LIST, CIPHER_SUITES_DEFAULTS );
-
 }

community/kernel/src/main/java/org/neo4j/kernel/configuration/ssl/SslPolicyConfig.java

@@ -30,6 +30,7 @@
 import org.neo4j.ssl.ClientAuth;
 
 import static java.lang.String.join;
+import static java.util.Arrays.asList;
 import static org.neo4j.kernel.configuration.Settings.BOOLEAN;
 import static org.neo4j.kernel.configuration.Settings.FALSE;
 import static org.neo4j.kernel.configuration.Settings.NO_DEFAULT;
@@ -44,8 +45,8 @@
 @Group( "dbms.ssl.policy" )
 public class SslPolicyConfig
 {
-    public static final String TLS_VERSION_DEFAULTS = join( ",", new String[]{"TLSv1.2"} );
-    public static final String CIPHER_SUITES_DEFAULTS = NO_DEFAULT;
+    public static final List<String> TLS_VERSION_DEFAULTS = asList( "TLSv1.2" );
+    public static final List<String> CIPHER_SUITES_DEFAULTS = null;
 
     @Description( "The mandatory base directory for cryptographic objects of this policy." +
                   " It is also possible to override each individual configuration with absolute paths." )
@@ -99,13 +100,25 @@ public SslPolicyConfig( String policyName )
 
         this.private_key_password = group.scope( setting( "private_key_password", STRING, NO_DEFAULT ) );
         this.client_auth = group.scope( setting( "client_auth", options( ClientAuth.class, true ), ClientAuth.REQUIRE.name() ) );
-        this.tls_versions = group.scope( setting( "tls_versions", STRING_LIST, TLS_VERSION_DEFAULTS ) );
-        this.ciphers = group.scope( setting( "ciphers", STRING_LIST, CIPHER_SUITES_DEFAULTS ) );
+        this.tls_versions = group.scope( setting( "tls_versions", STRING_LIST, joinList( TLS_VERSION_DEFAULTS ) ) );
+        this.ciphers = group.scope( setting( "ciphers", STRING_LIST, joinList( CIPHER_SUITES_DEFAULTS ) ) );
     }
 
     // TODO: can we make this handle relative paths?
     private Setting<File> derivedDefault( String settingName, Setting<File> baseDirectory, String defaultFilename )
     {
         return derivedSetting( settingName, baseDirectory, base -> new File( base, defaultFilename ), PATH );
     }
+
+    private String joinList( List<String> list )
+    {
+        if ( list == null )
+        {
+            return null;
+        }
+        else
+        {
+            return join( ",", list );
+        }
+    }
 }

community/kernel/src/main/java/org/neo4j/kernel/configuration/ssl/SslPolicyLoader.java

@@ -57,8 +57,8 @@
 import static java.lang.String.format;
 import static org.neo4j.graphdb.factory.GraphDatabaseSettings.default_advertised_address;
 import static org.neo4j.kernel.configuration.ssl.LegacySslPolicyConfig.LEGACY_POLICY_NAME;
-import static org.neo4j.kernel.configuration.ssl.LegacySslPolicyConfig.default_security_cipher_suites;
-import static org.neo4j.kernel.configuration.ssl.LegacySslPolicyConfig.default_security_protocol;
+import static org.neo4j.kernel.configuration.ssl.SslPolicyConfig.CIPHER_SUITES_DEFAULTS;
+import static org.neo4j.kernel.configuration.ssl.SslPolicyConfig.TLS_VERSION_DEFAULTS;
 
 /**
  * Each component which utilises SSL policies is recommended to provide a component
@@ -159,10 +159,7 @@ private SslPolicy loadOrCreateLegacyPolicy()
         PrivateKey privateKey = loadPrivateKey( privateKeyFile, null );
         X509Certificate[] keyCertChain = loadCertificateChain( certficateFile );
 
-        List<String> ciphers = config.get( default_security_cipher_suites );
-        List<String> tlsVersions = config.get( default_security_protocol );
-
-        return new SslPolicy( privateKey, keyCertChain, tlsVersions, ciphers,
+        return new SslPolicy( privateKey, keyCertChain, TLS_VERSION_DEFAULTS, CIPHER_SUITES_DEFAULTS,
                 ClientAuth.NONE, InsecureTrustManagerFactory.INSTANCE, sslProvider );
     }