PROTON-717: disable SSLv3 git-svn-id: https://svn.apache.org/repos/asf/qpid/proton/trunk@1632372 13f79535-47bb-0310-9956-ffa450edef68
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/ad5e094e Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/ad5e094e Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/ad5e094e Branch: refs/heads/examples Commit: ad5e094ebb7f1ead3171885e3d7a221260c75511 Parents: 423dbc5 Author: Rafael H. Schloming <[email protected]> Authored: Thu Oct 16 16:05:11 2014 +0000 Committer: Rafael H. Schloming <[email protected]> Committed: Thu Oct 16 16:05:11 2014 +0000 ---------------------------------------------------------------------- .../engine/impl/ssl/SslEngineFacadeFactory.java | 15 +++++++++++++++ 1 file changed, 15 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ad5e094e/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java ----------------------------------------------------------------------
diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
index 37021d6..9824d00 100644
--- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
+++ b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
@@ -204,9 +204,24 @@ public class SslEngineFacadeFactory boolean useClientMode = mode == SslDomain.Mode.CLIENT ? true : false; sslEngine.setUseClientMode(useClientMode); + removeSSLv3Support(sslEngine); + return sslEngine; } + private static final String SSLV3_PROTOCOL = "SSLv3"; + + private static void removeSSLv3Support(final SSLEngine engine) + { + List<String> enabledProtocols = Arrays.asList(engine.getEnabledProtocols()); + if(enabledProtocols.contains(SSLV3_PROTOCOL)) + { + List<String> allowedProtocols = new ArrayList<String>(enabledProtocols); + allowedProtocols.remove(SSLV3_PROTOCOL); + engine.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()])); + } + } + /** * @param sslPeerDetails is allowed to be null. A non-null value is used to hint that SSL resumption * should be attempted --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
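Review bot: removeSSLv3Support drops only the exact name `"SSLv3"` from whatever the JVM enabled by default, so the engine's protocol set is still decided by the runtime rather than by Proton; an allowlist that keeps only the TLS versions the project intends to support would not need another patch when the next protocol is retired. If SSLv3 happens to be the only enabled entry, the method appears to leave the engine with an empty protocol list, which fails closed but would only surface later as a handshake error, so a log line at that point would help operators. The helper also has no comment; I would add `/** Removes SSLv3 from the enabled protocols (PROTON-717); SSLv3-only peers will no longer be able to handshake. */` above it. The method that calls it starts outside this hunk, so whether any later code resets the enabled protocols cannot be checked from here.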
