[ https://issues.apache.org/jira/browse/DIRMINA-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny resolved DIRMINA-1028. ---------------------------------------- Resolution: Fixed Should be fixed with http://git-wip-us.apache.org/repos/asf/mina/commit/50b70a05 > The supported ciphers configuration might not be used > ----------------------------------------------------- > > Key: DIRMINA-1028 > URL: https://issues.apache.org/jira/browse/DIRMINA-1028 > Project: MINA > Issue Type: Bug > Affects Versions: 2.0.13 > Reporter: Emmanuel Lecharny > Fix For: 2.0.14 > > > The fact is that we apply the {{SslContext}} ciphers instead of the ones that > has been configured in the filter : > {noformat} > sslHandler.init(); > // Adding the supported ciphers in the SSLHandler > // In Java 6, we should call sslContext.getSupportedSSLParameters() > // instead > String[] ciphers = > sslContext.getServerSocketFactory().getSupportedCipherSuites(); > setEnabledCipherSuites(ciphers); > {noformat} > Here, the configured ciphers are set in the {{sslHandler.init}} method : > {noformat} > /** > * Initialize the SSL handshake. > * > * @throws SSLException If the underlying SSLEngine handshake > initialization failed > */ > /* no qualifier */void init() throws SSLException { > ... > // Set the cipher suite to use by this SslEngine instance > if (sslFilter.getEnabledCipherSuites() != null) { > > sslEngine.setEnabledCipherSuites(sslFilter.getEnabledCipherSuites()); > } > ... > {noformat} > but this is overriden by the lines that follow. > the code should look like : > {noformat} > public void onPreAdd(IoFilterChain parent, String name, NextFilter > nextFilter) throws SSLException { > ... > // Create a SSL handler and start handshake. > SslHandler sslHandler = new SslHandler(this, session); > > // Adding the supported ciphers in the SSLHandler > if ((enabledCipherSuites == null) || (enabledCipherSuites.length == > 0)) { > enabledCipherSuites = > sslContext.getServerSocketFactory().getSupportedCipherSuites(); > } > sslHandler.init(); > ... > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)