git commit: Disable SSLv2Hello unless protocol is given as SSLv3

Thu, 06 Nov 2014 02:18:03 -0800 

Repository: cxf
Updated Branches:
  refs/heads/master 1701e6c8d -> 89b87071f


Disable SSLv2Hello unless protocol is given as SSLv3


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/89b87071
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/89b87071
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/89b87071

Branch: refs/heads/master
Commit: 89b87071f3dedd2cd5ed874e56f69ab7dcf7953d
Parents: 1701e6c
Author: Colm O hEigeartaigh <[email protected]>
Authored: Thu Nov 6 10:17:31 2014 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Thu Nov 6 10:17:31 2014 +0000

----------------------------------------------------------------------
 .../apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/89b87071/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
----------------------------------------------------------------------
diff --git 
a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
 
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
index 3d13a96..54e8e9a 100644
--- 
a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
+++ 
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
@@ -674,9 +674,10 @@ public class JettyHTTPServerEngine
         String proto = tlsServerParameters.getSecureSocketProtocol() == null
             ? "TLS" : tlsServerParameters.getSecureSocketProtocol();
         
-        // Exclude SSLv3 by default unless the protocol is given as SSLv3
+        // Exclude SSLv3 + SSLv2Hello by default unless the protocol is given 
as SSLv3
         if (!"SSLv3".equals(proto) && 
tlsServerParameters.getExcludeProtocols().isEmpty()) {
             scf.addExcludeProtocols("SSLv3");
+            scf.addExcludeProtocols("SSLv2Hello");
         } else {
             for (String p : tlsServerParameters.getExcludeProtocols()) {
                 scf.addExcludeProtocols(p);

Reply via email to