[jira] [Resolved] (DIRMINA-1028) The supported ciphers configuration might not be used

Tue, 16 Feb 2016 06:49:31 -0800 

     [ 
https://issues.apache.org/jira/browse/DIRMINA-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny resolved DIRMINA-1028.
----------------------------------------
    Resolution: Fixed

Should be fixed with http://git-wip-us.apache.org/repos/asf/mina/commit/50b70a05

> The supported ciphers configuration might not be used
> -----------------------------------------------------
>
>                 Key: DIRMINA-1028
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-1028
>             Project: MINA
>          Issue Type: Bug
>    Affects Versions: 2.0.13
>            Reporter: Emmanuel Lecharny
>             Fix For: 2.0.14
>
>
> The fact is that we apply the {{SslContext}} ciphers instead of the ones that 
> has been configured in the filter :
> {noformat}
>         sslHandler.init();
>         // Adding the supported ciphers in the SSLHandler
>         // In Java 6, we should call sslContext.getSupportedSSLParameters()
>         // instead
>         String[] ciphers = 
> sslContext.getServerSocketFactory().getSupportedCipherSuites();
>         setEnabledCipherSuites(ciphers);
> {noformat}
> Here, the configured ciphers are set in the {{sslHandler.init}} method :
> {noformat}
>     /**
>      * Initialize the SSL handshake.
>      *
>      * @throws SSLException If the underlying SSLEngine handshake 
> initialization failed
>      */
>     /* no qualifier */void init() throws SSLException {
>     ...
>         // Set the cipher suite to use by this SslEngine instance
>         if (sslFilter.getEnabledCipherSuites() != null) {
>             
> sslEngine.setEnabledCipherSuites(sslFilter.getEnabledCipherSuites());
>         }
>     ...
> {noformat}
> but this is overriden by the lines that follow.
> the code should look like :
> {noformat}
>     public void onPreAdd(IoFilterChain parent, String name, NextFilter 
> nextFilter) throws SSLException {
>         ...
>         // Create a SSL handler and start handshake.
>         SslHandler sslHandler = new SslHandler(this, session);
>         
>         // Adding the supported ciphers in the SSLHandler
>         if ((enabledCipherSuites == null) || (enabledCipherSuites.length == 
> 0)) {
>             enabledCipherSuites = 
> sslContext.getServerSocketFactory().getSupportedCipherSuites();
>         }
>         sslHandler.init();
>         ...
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to