Author: rhs Date: Thu Oct 16 16:05:11 2014 New Revision: 1632372 URL: http://svn.apache.org/r1632372 Log: PROTON-717: disable SSLv3
Modified: qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java Modified: qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java?rev=1632372&r1=1632371&r2=1632372&view=diff ============================================================================== --- qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java (original) +++ qpid/proton/trunk/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java Thu Oct 16 16:05:11 2014 @@ -204,9 +204,24 @@ public class SslEngineFacadeFactory boolean useClientMode = mode == SslDomain.Mode.CLIENT ? true : false; sslEngine.setUseClientMode(useClientMode); + removeSSLv3Support(sslEngine); + return sslEngine; } + private static final String SSLV3_PROTOCOL = "SSLv3"; + + private static void removeSSLv3Support(final SSLEngine engine) + { + List<String> enabledProtocols = Arrays.asList(engine.getEnabledProtocols()); + if(enabledProtocols.contains(SSLV3_PROTOCOL)) + { + List<String> allowedProtocols = new ArrayList<String>(enabledProtocols); + allowedProtocols.remove(SSLV3_PROTOCOL); + engine.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()])); + } + } + /** * @param sslPeerDetails is allowed to be null. A non-null value is used to hint that SSL resumption * should be attempted --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org
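Review bot: `removeSSLv3Support` has no check for an empty result: when the engine's enabled set is only `SSLv3`, `allowedProtocols` is empty after the `remove` and is still passed to `setEnabledProtocols`, so the misconfiguration would most likely show up later as a handshake failure instead of at engine creation. A guard before that call, e.g. `if (allowedProtocols.isEmpty()) { throw new IllegalStateException("No protocol left enabled after removing SSLv3"); }`, would fail fast with a clear cause. The helper also deserves a comment stating its scope, such as `// Denylist of the single name "SSLv3" (PROTON-717); every other protocol the provider enabled is kept as-is.`, so a maintainer does not read it as an allowlist of TLS versions. The method that calls it starts above the hunk, so whether the enabled protocols can be changed again after this point cannot be seen here.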