git commit: Disable SSLv3 by default for the client

Tue, 04 Nov 2014 07:24:12 -0800 

Repository: cxf
Updated Branches:
  refs/heads/master 3cf19d0f7 -> 98a578dbf


Disable SSLv3 by default for the client


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/98a578db
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/98a578db
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/98a578db

Branch: refs/heads/master
Commit: 98a578dbf4b7e19c4555bd2011f24c650d0f54c0
Parents: 3cf19d0
Author: Colm O hEigeartaigh <[email protected]>
Authored: Tue Nov 4 15:03:18 2014 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Tue Nov 4 15:03:35 2014 +0000

----------------------------------------------------------------------
 .../apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java    | 3 ---
 .../org/apache/cxf/transport/https/HttpsURLConnectionFactory.java | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/98a578db/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
----------------------------------------------------------------------
diff --git 
a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
 
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
index 5e7a182..7e4c3e2 100644
--- 
a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
+++ 
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
@@ -677,9 +677,6 @@ public class JettyHTTPServerEngine
         if (!"SSLv3".equals(proto)) {
             scf.addExcludeProtocols("SSLv3");
         }
-        if (!"SSLv2Hello".equals(proto)) {
-            scf.addExcludeProtocols("SSLv2Hello");
-        }
  
         SSLContext context = tlsServerParameters.getJsseProvider() == null
             ? SSLContext.getInstance(proto)

http://git-wip-us.apache.org/repos/asf/cxf/blob/98a578db/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
----------------------------------------------------------------------
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
index f95c5a7..4d1ec43 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
@@ -176,7 +176,7 @@ public class HttpsURLConnectionFactory {
             // The SSLSocketFactoryWrapper enables certain cipher suites
             // from the policy.
             socketFactory = new 
SSLSocketFactoryWrapper(ctx.getSocketFactory(), cipherSuites,
-                                                        
tlsClientParameters.getSecureSocketProtocol());
+                                                        protocol);
             //recalc the hashcode since somet of the above MAY have changed 
the tlsClientParameters 
             lastTlsHash = tlsClientParameters.hashCode();
         } else {

Reply via email to