From e59a1e9efdc018b3285dd09e110afef23aefd1c3 Mon Sep 17 00:00:00 2001
From: Jon Chambers <jon@signal.org>
Date: Wed, 22 May 2024 15:51:31 -0400
Subject: [PATCH] Add support for TLS 1.2 for the benefit of load balancers
 performing health checks

---
 .../textsecuregcm/grpc/net/NoiseWebSocketTunnelServer.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/grpc/net/NoiseWebSocketTunnelServer.java b/service/src/main/java/org/whispersystems/textsecuregcm/grpc/net/NoiseWebSocketTunnelServer.java
index 4cc0d1dee..deabb65be 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/grpc/net/NoiseWebSocketTunnelServer.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/grpc/net/NoiseWebSocketTunnelServer.java
@@ -73,7 +73,8 @@ public class NoiseWebSocketTunnelServer implements Managed {
 
       sslContext = SslContextBuilder.forServer(tlsPrivateKey, tlsCertificateChain)
           .clientAuth(ClientAuth.NONE)
-          .protocols(SslProtocols.TLS_v1_3)
+          // Some load balancers require TLS 1.2 for health checks
+          .protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2)
           .sslProvider(sslProvider)
           .build();
     } else {